Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> CGI abuses : XSS >> Invision Power Board COLOR SML Tag Script Injection Vulnerability


Vulnerability Assessment Details

Invision Power Board COLOR SML Tag Script Injection Vulnerability

Vulnerability Assessment Summary
Detect Invision Power Board COLOR SML Tag Script Injection

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote web server contains a PHP script that is vulnerable to a
cross-site scripting attack.

Description :

According to the version number in its banner, the installation of
Invision Power Board on the remote host reportedly does not
sufficiently sanitize the 'COLOR' SML tag. A remote attacker may
exploit this vulnerability by adding a specially-crafted 'COLOR' tag
with arbitrary Javascript to any signature or post on an Invision
board. That Javascript will later be executed in the context of users
browsing that forum, which may enable a possible hacker to steal cookies or
misrepresent site content.

See also :

http://archives.neohapsis.com/archives/bugtraq/2005-02/0257.html
http://forums.invisionpower.com/index.php?showtopic=160633

Solution :

Apply the patch referenced in the vendor advisory above.

Network Security Threat Level:

Low / CVSS Base Score : 1
(AV:R/AC:H/Au:R/C:N/A:N/I:P/B:N)

Networks Security ID: 12607

Vulnerability Assessment Copyright: This script is Copyright (C) 2005-2006 Tenable Network Security

Cables, Connectors


Samsung Galaxy Tab A8 10.5

Samsung Galaxy Tab A8 10.5" 64GB Gray WiFi Tab SM-X200NZAZXAR 2022 Model Bundle

$130.00



Samsung Galaxy Tab A 8

Samsung Galaxy Tab A 8" SM-T387V 32GB Verizon Tablet (No SIM Tray) Grade B

$31.99



Samsung Galaxy Tab A9 (X110) 64GB 4GB RAM International Version (New) picture

Samsung Galaxy Tab A9 (X110) 64GB 4GB RAM International Version (New)

$129.99



Samsung Galaxy Tab S7 FE 12.4

Samsung Galaxy Tab S7 FE 12.4" 64GB Mystic Black SM-T733NZKYXAR w/ Keyboard

$279.99



NEW Samsung Galaxy Tab A8 10.5-in 32GB Tablet - Gray SM-X200 picture

NEW Samsung Galaxy Tab A8 10.5-in 32GB Tablet - Gray SM-X200

$129.98



Samsung Galaxy Tab A 8

Samsung Galaxy Tab A 8" SM-T387V 32GB Verizon WIFI + Cellular Grade A Condition

$54.99



Samsung Chromebook Computer 11.6

Samsung Chromebook Computer 11.6" Celeron 2GB 16GB SSD WiFi Webcam Bluetooth

$44.99



Samsung Galaxy Tab A9+ 11.0

Samsung Galaxy Tab A9+ 11.0" 64GB Gray Wi-Fi Tablet Bundle SM-X210NZAYXAR 2023

$170.00



512GB SAMSUNG EVO Plus Micro SD MicroSDXC Flash Memory Card w/ SD Adapter picture

512GB SAMSUNG EVO Plus Micro SD MicroSDXC Flash Memory Card w/ SD Adapter

$10.78



Samsung Galaxy Tab A8 - SM-X200 - 32GB - Wi-Fi 10.5

Samsung Galaxy Tab A8 - SM-X200 - 32GB - Wi-Fi 10.5" Gray - EXCELLENT Condition

$109.95



Discussions

No Discussions have been posted on this vulnerability.