CVE-2007-2349 - Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows r

CVE-2007-2349

Summary

Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files. The vendor has addressed this issue with the following product update: http://forums.invisionpower.com/index.php?showtopic=234377

References

Vulnerable Configurations

cpe:2.3:a:invision_power_services:invision_power_board:2.1:*:*:*:*:*:*:*
cpe:2.3:a:invision_power_services:invision_power_board:2.1:*:*:*:*:*:*:*
cpe:2.3:a:invision_power_services:invision_power_board:2.2:*:*:*:*:*:*:*
cpe:2.3:a:invision_power_services:invision_power_board:2.2:*:*:*:*:*:*:*

CVSS

Base:	5.8 (as of 29-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:N

refmap via4

confirm	http://forums.invisionpower.com/index.php?showtopic=234377
osvdb	35427
secunia	25021
vupen	ADV-2007-1558
xf	ipb-classupload-xss(33942)

Last major update

29-07-2017 - 01:31

Published

30-04-2007 - 22:19

Last modified

29-07-2017 - 01:31