CVE-2014-3149 - Reflected Cross-Site Scripting (XSS) in "Invision Power IP.Board"

2014-10-16T00:00:00
ID SECURITYVULNS:DOC:31284
Type securityvulns
Reporter Securityvulns
Modified 2014-10-16T00:00:00

Description

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

CVE-2014-3149

"Reflected Cross-Site Scripting (XSS)" (CWE-79) vulnerability in "Invision Power IP.Board" product

Vendor

Invision Power Services Inc.

Product

IP.Board "IP.Board is the leading solution for creating an engaging discussion forum on the web. Trusted by thousands of forums, large and small." - source: https://www.invisionpower.com/apps/board/

Affected versions

This vulnerability affects versions of IP.Board prior 3.4.6 as well as versions 3.3.x

Patch

The vendor has released patches for versions 3.4.x and 3.3.x at http://community.invisionpower.com/topic/399747-ipboard-33x-34x-security-update/

Reported by

This issue was reported to the vendor by Christian Schneider (@cschneider4711) following a responsible disclosure process.

Severity

Low

Exploitability

Clickjacking or social engineering required

Description

Using a specially crafted request to access the web forum software IP.Board it is possible to execute Reflected Cross-Site Scripting (XSS) attacks. Due to a token-based CSRF protection the actual exploitation is somewhat limited, since attackers have to trick victims (using Clickjacking or social engineering) into submitting an attacker supplied content.

Proof of concept

Due to the responsible disclosure process chosen and to not harm unpatched systems, no concrete exploit code will be presented in this advisory.

References

http://community.invisionpower.com/topic/399747-ipboard-33x-34x-security-update/ http://www.christian-schneider.net/advisories/CVE-2014-3149.txt

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin)

iEYEARECAAYFAlOzCDAACgkQXYAsOfddvFNgVwCggTYy8+9mVPUlXYu4ugzMqsLI z+gAn1RfHeDRt2OfaQuEendLdcvsumtF =grTH -----END PGP SIGNATURE-----