IP.Board Calendar Application Script Insertion Vulnerability

InvisionNutCase · June 25, 2010

Secunia Advisory SA40132

IP.Board Calendar Application Script Insertion Vulnerability

Secunia Advisory SA40132
Get alerted and manage the vulnerability life cycle Free Trial
Release Date 2010-06-16 Popularity 389 views Comments 0 comments
Criticality level Less critical

Impact Cross Site Scripting
Where From remote Authentication level Available in Customer Area
Report reliability Available in Customer Area Solution Status Unpatched Systems affected Available in Customer Area Approve distribution Available in Customer Area Software:

IP.Board (Invision Power Board) 3.x
Secunia CVSS Score Available in Customer Area CVE Reference(s) No CVE references.

AlexJ · June 25, 2010

http://archives.neohapsis.com/archives/bugtraq/2010-06/0113.html

Vendor-Status: informed

Looks like they are aware and working on it? I might be wrong though.

InvisionNutCase · June 25, 2010

it says 3.0.5 and prior, so 3.1 appears to be safe...

bfarber · June 25, 2010

We were not notified of this, no. We are following up and will update you when we have more information.

Biker.GA · June 25, 2010

I haven't noticed any attempts for script insertion with the calendar. I get anywhere from 3-10 attempts per day with the shoutbox, though. mod_security FTW. :)

Five Invision Community 5 features your team will love

Five Invision Community 5 features your members will love

Invision Community 4: SEO, prepare for v5 and dormant account notifications

Invision Community 5: Beta testing and latest updates

IP.Board Calendar Application Script Insertion Vulnerability

Recommended Posts

InvisionNutCase

AlexJ

InvisionNutCase

bfarber

Biker.GA

Archived

Recently Browsing 0 members

More