Vulnerabilities > CVE-2005-1443 - Cross-Site Scripting vulnerability in Invision Power Board

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

invision-power-services

nessus

NVD

Published: 2005-05-03

Updated: 2008-09-05

Summary

Multiple cross-site scripting (XSS) vulnerabilities in index.php for Invision Power Board (IPB) 2.0.3 and 2.1 Alpha 2 allows remote attackers to inject arbitrary web script or HTML via the (1) act, (2) Members, (3) calendar, or (4) HID parameters.

Vulnerable Configurations

Part	Description	Count
Application	Invision_Power_Services Invision Power Services Invision Power Board 2.0.3 Invision Power Services Invision Power Board 2.1_Alpha2	2

Nessus

NASL family	CGI abuses : XSS
NASL id	INVISION_POWER_BOARD_ACT_XSS.NASL
description	The version of Invision Power Board installed on the remote host suffers from a cross-site scripting vulnerability due to its failure to sanitize user input via the
last seen	2020-06-01
modified	2020-06-02
plugin id	18201
published	2005-05-05
reporter	This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/18201
title	Invision Power Board index.php Multiple Parameter XSS

References

http://securitytracker.com/id?1013863