Vulnerabilities > CVE-2005-1597 - Cross-Site Scripting vulnerability in Invision Power Board Topics.PHP Highlite Parameter
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter.
Vulnerable Configurations
Exploit-Db
description | Invision Power Board (IP.Board) < 2.0.3 - Multiple Vulnerabilities. CVE-2005-1597,CVE-2005-1598. Webapps exploit for PHP platform |
id | EDB-ID:43824 |
last seen | 2018-01-24 |
modified | 2015-05-05 |
published | 2015-05-05 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/43824/ |
title | Invision Power Board (IP.Board) < 2.0.3 - Multiple Vulnerabilities |
Nessus
NASL family | CGI abuses |
NASL id | INVISION_POWER_BOARD_2_0_4.NASL |
description | According to its banner, the version of Invision Power Board on the remote host suffers from multiple vulnerabilities : - SQL Injection Vulnerability The application fails to sanitize user-input supplied through the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18203 |
published | 2005-05-09 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18203 |
title | Invision Power Board < 2.0.4 Multiple Vulnerabilities (SQLi, XSS) |
code |
|
References
- http://forums.invisionpower.com/index.php?showtopic=168016
- http://marc.info/?l=bugtraq&m=111539908705851&w=2
- http://secunia.com/advisories/15265
- http://securitytracker.com/id?1013907
- http://www.gulftech.org/?node=research&article_id=00073-05052005
- http://www.osvdb.org/16298
- http://www.securityfocus.com/bid/13534
- http://www.vupen.com/english/advisories/2005/0487
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20445