Vulnerabilities > CVE-2007-2349 - Cross-Site Scripting vulnerability in Invision Power Services Invision Power Board 2.1/2.2
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE network
invision-power-services
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files. The vendor has addressed this issue with the following product update: http://forums.invisionpower.com/index.php?showtopic=234377
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |