CVE-2005-3547

Sažetak

Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields.

Reference

http://benji.redkod.org/audits/ipb.2.1.pdf
http://osvdb.org/20516
http://osvdb.org/20517
http://osvdb.org/20518
http://osvdb.org/20519
http://osvdb.org/20520
http://osvdb.org/20521
http://osvdb.org/20522
http://secunia.com/advisories/17443
http://www.securityfocus.com/archive/1/415801/30/0/threaded
http://www.securityfocus.com/bid/15344
http://www.securityfocus.com/bid/15345
https://exchange.xforce.ibmcloud.com/vulnerabilities/22999

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

19-10-2018 - 15:37

Objavljeno

16-11-2005 - 07:42