Vulnerabilities > CVE-2007-2349 - Cross-Site Scripting vulnerability in Invision Power Services Invision Power Board 2.1/2.2

CVSS 5.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

invision-power-services

NVD

Published: 2007-04-30

Updated: 2017-07-29

Summary

Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files. The vendor has addressed this issue with the following product update: http://forums.invisionpower.com/index.php?showtopic=234377

Vulnerable Configurations

Part	Description	Count
Application	Invision_Power_Services Invision Power Services Invision Power Board 2.1 Invision Power Services Invision Power Board 2.2	2

References

http://forums.invisionpower.com/index.php?showtopic=234377
http://osvdb.org/35427
http://secunia.com/advisories/25021
http://www.vupen.com/english/advisories/2007/1558
https://exchange.xforce.ibmcloud.com/vulnerabilities/33942