Vulnerabilities > CVE-2005-0886 - HTML Injection vulnerability in Invision Power Board
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP POST request.
Vulnerable Configurations
Exploit-Db
description | Invision Power Board 1.x/2.0 HTML Injection Vulnerability. CVE-2005-0886. Webapps exploit for php platform |
id | EDB-ID:25267 |
last seen | 2016-02-03 |
modified | 2005-03-23 |
published | 2005-03-23 |
reporter | Woody Hughes |
source | https://www.exploit-db.com/download/25267/ |
title | Invision Power Board 1.x/2.0 HTML Injection Vulnerability |
Nessus
NASL family | CGI abuses : XSS |
NASL id | INVISION_POWER_BOARD_IFRAME_XSS.NASL |
description | The version of Invision Power Board installed on the remote host does not properly sanitize HTML tags, which enables a remote attacker to inject a malicious IFRAME when posting a message to one of the hosted forums. This could cause arbitrary HTML and script code to be executed in the context of users browsing the forum, which could allow an attacker to steal cookies or misrepresent site content. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 17609 |
published | 2005-03-24 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/17609 |
title | Invision Power Board HTTP POST Request IFRAME Tag XSS |
code |
|