Family: CGI abuses : XSS --> Category: infos
Invision Power Board IFRAME HTML Injection Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for IFRAME HTML Injection Vulnerability in Invision Power Board
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that is vulnerable to a
cross-site scripting attack.
The version of Invision Power Board installed on the remote host does
not properly sanitize HTML tags, which enables a remote attacker to
inject a malicious IFRAME when posting a message to one of the hosted
forums. This could cause arbitrary HTML and script code to be
executed in the context of users browsing the forum, which may enable
a possible hacker to steal cookies or misrepresent site content.
Upgrade to Invision Power Board 2.0.3 or later.
Low / CVSS Base Score : 1
Click HERE for more information and discussions on this network vulnerability scan.