InvisionNutCase Posted June 25, 2010 Share Posted June 25, 2010 Secunia Advisory SA40132IP.Board Calendar Application Script Insertion Vulnerability Secunia Advisory SA40132 Get alerted and manage the vulnerability life cycle Free Trial Release Date 2010-06-16 Popularity 389 views Comments 0 comments Criticality level Less criticalImpact Cross Site ScriptingWhere From remote Authentication level Available in Customer Area Report reliability Available in Customer Area Solution Status Unpatched Systems affected Available in Customer Area Approve distribution Available in Customer Area Software: IP.Board (Invision Power Board) 3.x Secunia CVSS Score Available in Customer Area CVE Reference(s) No CVE references. Link to comment Share on other sites More sharing options...
AlexJ Posted June 25, 2010 Share Posted June 25, 2010 http://archives.neohapsis.com/archives/bugtraq/2010-06/0113.htmlVendor-Status: informed Looks like they are aware and working on it? I might be wrong though. Link to comment Share on other sites More sharing options...
InvisionNutCase Posted June 25, 2010 Author Share Posted June 25, 2010 it says 3.0.5 and prior, so 3.1 appears to be safe... Link to comment Share on other sites More sharing options...
bfarber Posted June 25, 2010 Share Posted June 25, 2010 We were not notified of this, no. We are following up and will update you when we have more information. Link to comment Share on other sites More sharing options...
Biker.GA Posted June 25, 2010 Share Posted June 25, 2010 I haven't noticed any attempts for script insertion with the calendar. I get anywhere from 3-10 attempts per day with the shoutbox, though. mod_security FTW. :) Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.