Vulnerability Description
Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other than iso-8859-1 or utf-8.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Invision Power Services | Invision Power Board | 2.1.5_2006-03-08 |
Related Weaknesses (CWE)
References
- http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870
- http://forums.invisionpower.com/index.php?showtopic=237075Patch
- http://secunia.com/advisories/26788PatchVendor Advisory
- http://www.securityfocus.com/bid/25656
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36589
- http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870
- http://forums.invisionpower.com/index.php?showtopic=237075Patch
- http://secunia.com/advisories/26788PatchVendor Advisory
- http://www.securityfocus.com/bid/25656
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36589
FAQ
What is CVE-2007-4912?
CVE-2007-4912 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into...
How severe is CVE-2007-4912?
CVE-2007-4912 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4912?
Check the references section above for vendor advisories and patch information. Affected products include: Invision Power Services Invision Power Board.