2.1.4

CVSS 5.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

invision-power-services

NVD

Published: 2006-03-19

Updated: 2011-03-08

Summary

Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060130 allows remote attackers to steal cookies and probably conduct other activities when the victim is using Internet Explorer.

Vulnerable Configurations

Part	Description	Count
Application	Invision_Power_Services Invision Power Services Invision Power Board 2.0.4 Invision Power Services Invision Power Board 2.1.4	2

References

http://forums.invisionpower.com/index.php?showtopic=206790
http://secunia.com/advisories/19141
http://www.vupen.com/english/advisories/2006/0861