ID de Prueba:	1.3.6.1.4.1.25623.1.0.800387
Categoría:	Web application abuses
Título:	Invision Power Board Cross-Site Scripting Vulnerability
Resumen:	Invision Power Board is prone to a cross-site scripting (XSS) vulnerability.
Descripción:	Summary: Invision Power Board is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: Improper sanitization of user supplied input in the signature data which can cause crafting malicious IFRAME or HTML tags to gain sensitive information about the web application or can cause injection of web pages to the web application. Vulnerability Impact: Successful exploitation will let attackers execute arbitrary code in the context of the affected web application and can cause various web related attacks by point to malicious IFRAME or HTML data. Affected Software/OS: Invision Power Board version 2.3.1 and prior. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-6565 BugTraq ID: 28466 http://www.securityfocus.com/bid/28466 Bugtraq: 20080326 Invision Power Board <=2.3.x iFrame Vuln (Google Search) http://www.securityfocus.com/archive/1/490115/100/0/threaded XForce ISS Database: Invisionpowerboard-signature-xss(41502) https://exchange.xforce.ibmcloud.com/vulnerabilities/41502
Copyright	Copyright (C) 2009 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.