4.3

CVE-2005-3547

Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.71% 0.84
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://benji.redkod.org/audits/ipb.2.1.pdf
http://osvdb.org/20516
http://osvdb.org/20517
http://osvdb.org/20518
http://osvdb.org/20519
http://osvdb.org/20520
http://osvdb.org/20521
http://osvdb.org/20522
http://secunia.com/advisories/17443
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/415801/30/0/threaded
http://www.securityfocus.com/bid/15344
http://www.securityfocus.com/bid/15345
https://exchange.xforce.ibmcloud.com/vulnerabilities/22999