CVE-2005-1597

Sažetak

Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter.

Reference

http://forums.invisionpower.com/index.php?showtopic=168016
http://marc.info/?l=bugtraq&m=111539908705851&w=2
http://secunia.com/advisories/15265
http://securitytracker.com/id?1013907
http://www.gulftech.org/?node=research&article_id=00073-05052005
http://www.osvdb.org/16298
http://www.securityfocus.com/bid/13534
http://www.vupen.com/english/advisories/2005/0487
https://exchange.xforce.ibmcloud.com/vulnerabilities/20445

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

11-07-2017 - 01:32

Objavljeno

16-05-2005 - 04:00