Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses : XSS --> Category: infos

Invision Power Board COLOR SML Tag Script Injection Vulnerability Vulnerability Scan

Vulnerability Scan Summary
Detect Invision Power Board COLOR SML Tag Script Injection

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP script that is vulnerable to a
cross-site scripting attack.

Description :

According to the version number in its banner, the installation of
Invision Power Board on the remote host reportedly does not
sufficiently sanitize the 'COLOR' SML tag. A remote attacker may
exploit this vulnerability by adding a specially-crafted 'COLOR' tag
with arbitrary Javascript to any signature or post on an Invision
board. That Javascript will later be executed in the context of users
browsing that forum, which may enable a possible hacker to steal cookies or
misrepresent site content.

See also :

Solution :

Apply the patch referenced in the vendor advisory above.

Threat Level:

Low / CVSS Base Score : 1

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.