Family: CGI abuses : XSS --> Category: infos
Vulnerability Scan: Invision Power Board COLOR SML Tag Script Injection Vulnerability
Vulnerability Scan Summary: Detect Invision Power Board COLOR SML Tag Script Injection
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that is vulnerable to a
cross-site scripting attack.
Description :
According to the version number in its banner, the installation of
Invision Power Board on the remote host reportedly does not
sufficiently sanitize the 'COLOR' SML tag. A remote attacker may
exploit this vulnerability by adding a specially crafted 'COLOR' tag
with arbitrary JavaScript to any signature or post on an Invision
board. That JavaScript will later be executed in the context of users
browsing that forum, which may enable an attacker to steal cookies or
misrepresent site content.
See also :
http://archives.neohapsis.com/archives/bugtraq/2005-02/0257.html
http://forums.invisionpower.com/index.php?showtopic=160633
Solution :
Apply the patch referenced in the vendor advisory above.
Threat Level:
Low / CVSS Base Score : 1
(AV:R/AC:H/Au:R/C:N/A:N/I:P/B:N)