Vulnerability Description
Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Invision Power Services | Invision Board | 2.1 |
References
- http://benji.redkod.org/audits/ipb.2.1.pdf
- http://osvdb.org/20516
- http://osvdb.org/20517
- http://osvdb.org/20518
- http://osvdb.org/20519
- http://osvdb.org/20520
- http://osvdb.org/20521
- http://osvdb.org/20522
- http://secunia.com/advisories/17443PatchVendor Advisory
- http://www.securityfocus.com/archive/1/415801/30/0/threaded
- http://www.securityfocus.com/bid/15344
- http://www.securityfocus.com/bid/15345
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22999
- http://benji.redkod.org/audits/ipb.2.1.pdf
- http://osvdb.org/20516
FAQ
What is CVE-2005-3547?
CVE-2005-3547 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admi...
How severe is CVE-2005-3547?
CVE-2005-3547 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3547?
Check the references section above for vendor advisories and patch information. Affected products include: Invision Power Services Invision Board.