ID |
CVE-2007-2349
|
Summary |
Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files. The vendor has addressed this issue with the following product update:
http://forums.invisionpower.com/index.php?showtopic=234377 |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 5.8 (as of 29-07-2017 - 01:31) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
MEDIUM |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
NONE |
|
cvss-vector
via4
|
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
refmap
via4
|
|
Last major update |
29-07-2017 - 01:31 |
Published |
30-04-2007 - 22:19 |
Last modified |
29-07-2017 - 01:31 |