Family: CGI abuses : XSS --> Category: infos
Invision Power Board COLOR SML Tag Script Injection Vulnerability Scan
Vulnerability Scan Summary
Detect Invision Power Board COLOR SML Tag Script Injection
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that is vulnerable to a
cross-site scripting attack.
According to the version number in its banner, the installation of
Invision Power Board on the remote host reportedly does not
sufficiently sanitize the 'COLOR' SML tag. A remote attacker may
exploit this vulnerability by adding a specially-crafted 'COLOR' tag
browsing that forum, which may enable an attacker to steal cookies or
misrepresent site content.
See also :
Solution :
Apply the patch referenced in the vendor advisory above.
Risk factor :
Low / CVSS Base Score : 1