CVE-2007-4912

{"id": "CVE-2007-4912", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-09-17T17:17:00.000", "references": [{"url": "http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870", "source": "cve@mitre.org"}, {"url": "http://forums.invisionpower.com/index.php?showtopic=237075", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26788", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/25656", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36589", "source": "cve@mitre.org"}, {"url": "http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://forums.invisionpower.com/index.php?showtopic=237075", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/26788", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/25656", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36589", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other than iso-8859-1 or utf-8."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en ips_kernel/class_ajax.php en Invision Power Board (IPB or IP.Board) 2.3.1 hasta la 20070912 permite a atacantes remotos inyectar secuencias de comandos web o HTML dentro de los campos de configuraci\u00f3n de usuario a trav\u00e9s de vectores no espec\u00edficos relacionado con la asignaci\u00f3n de caracteres diferentes de iso-8859-1 o utf-8."}], "lastModified": "2024-11-21T00:36:42.217", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-03-08:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED5116FA-C532-42DF-ABBD-193AD7B799A6"}, {"criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-04-25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A90F21A-0FE7-456C-86FA-2F60542A7EA1"}, {"criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8BC2011-5D19-4AF2-BCCD-38A03D0175FC"}, {"criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05AF1F12-0E9C-478C-9DDA-356E5231A073"}, {"criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9826649-436F-4C05-A0DB-0C5D5CC42B61"}, {"criteria": "cpe:2.3:a:invision_power_services:invision_power_board:2.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D2431F4-91A3-42C0-985C-1A5DBE305E95"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}