Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Invision_power_board | Invision_power_services | 2.1 (including) | 2.1 (including) |
| Invision_power_board | Invision_power_services | 2.2 (including) | 2.2 (including) |
References
- http://forums.invisionpower.com/index.php?showtopic=234377
- http://osvdb.org/35427
- http://secunia.com/advisories/25021
- http://www.vupen.com/english/advisories/2007/1558
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33942
- http://forums.invisionpower.com/index.php?showtopic=234377
- http://osvdb.org/35427
- http://secunia.com/advisories/25021
- http://www.vupen.com/english/advisories/2007/1558
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33942