AlphaOne Technology Support Forums
Welcome, Guest. Please login or register.
December 02, 2008, 08:09:40 AM

Login with username, password and session length
Search:     Advanced search
1733 Posts in 827 Topics by 4756 Members
Latest Member: Uobeley
* Home Help Search Login Register
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Security Announcements  |  Invisionboard  |  Topic: Invision Power Board Attachments Cross Site Scripting Issue 0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Invision Power Board Attachments Cross Site Scripting Issue  (Read 991 times)
TJ
Tech Team
Hero Member
********
Offline Offline

Posts: 136



View Profile
Invision Power Board Attachments Cross Site Scripting Issue
« on: August 13, 2005, 08:45:29 PM »
* Technical Description *

A cross site scripting vulnerability was identified in Invision Power Board, which may be exploited by attackers to inject malicious HTML code. This flaw is due to a design error when processing uploaded HTML and TEXT attachments, which may be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser when specially crafted attachments are viewed.

 * Affected Products *

Invision Power Board version 2.0.4 and prior
Invision Power Board version 1.0.3 and prior

 * Solution *

No official supplied patch for this issue.

 * References *

http://www.frsirt.com/english/advisories/2005/1347
Logged
Pages: [1] Go Up Print 
AlphaOne Technology Support Forums  |  IMPORTANT ANNOUNCEMENTS  |  Security Announcements  |  Invisionboard  |  Topic: Invision Power Board Attachments Cross Site Scripting Issue « previous next »
Jump to:  

Powered by MySQL Powered by PHP AlphaOne Technology Support Forums | Powered by SMF 1.0.7.
© 2001-2005, Lewis Media. All Rights Reserved. 		Valid XHTML 1.0! Valid CSS!