CVE-2007-2963

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-2963
Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://forums.invisionpower.com/index.php?showtopic=235069 Patch
http://osvdb.org/35430
http://osvdb.org/35431
http://osvdb.org/35432
http://osvdb.org/35433
http://osvdb.org/35434
http://osvdb.org/35435
http://secunia.com/advisories/25437 Patch Vendor Advisory
http://www.securityfocus.com/bid/24244 Patch
http://www.vupen.com/english/advisories/2007/1993
https://exchange.xforce.ibmcloud.com/vulnerabilities/34616
http://forums.invisionpower.com/index.php?showtopic=235069 Patch
http://osvdb.org/35430
http://osvdb.org/35431
http://osvdb.org/35432
http://osvdb.org/35433
http://osvdb.org/35434
http://osvdb.org/35435
http://secunia.com/advisories/25437 Patch Vendor Advisory
http://www.securityfocus.com/bid/24244 Patch
http://www.vupen.com/english/advisories/2007/1993
https://exchange.xforce.ibmcloud.com/vulnerabilities/34616
Configurations

Configuration 1 (hide)

cpe:2.3:a:invision_power_services:invision_power_board:*:*:*:*:*:*:*:*
History

21 Nov 2024, 00:32

Type Values Removed Values Added
References () http://forums.invisionpower.com/index.php?showtopic=235069 - Patch () http://forums.invisionpower.com/index.php?showtopic=235069 - Patch
References () http://osvdb.org/35430 - () http://osvdb.org/35430 -
References () http://osvdb.org/35431 - () http://osvdb.org/35431 -
References () http://osvdb.org/35432 - () http://osvdb.org/35432 -
References () http://osvdb.org/35433 - () http://osvdb.org/35433 -
References () http://osvdb.org/35434 - () http://osvdb.org/35434 -
References () http://osvdb.org/35435 - () http://osvdb.org/35435 -
References () http://secunia.com/advisories/25437 - Patch, Vendor Advisory () http://secunia.com/advisories/25437 - Patch, Vendor Advisory
References () http://www.securityfocus.com/bid/24244 - Patch () http://www.securityfocus.com/bid/24244 - Patch
References () http://www.vupen.com/english/advisories/2007/1993 - () http://www.vupen.com/english/advisories/2007/1993 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/34616 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/34616 -
Information

Published : 2007-05-31 23:30

Updated : 2024-11-21 00:32

NVD link : CVE-2007-2963

Mitre link : CVE-2007-2963

CVE.ORG link : CVE-2007-2963

JSON object : View

Products Affected

invision_power_services

  • invision_power_board
CWE
NVD-CWE-Other

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024