CVE-2005-3547 - OpenCVE

Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Invision Power Services	Invision Board

Configuration 1 [-]

cpe:2.3:a:invision_power_services:invision_board:2.1:*:*:*:*:*:*:*

References

Link	Resource
http://benji.redkod.org/audits/ipb.2.1.pdf
http://osvdb.org/20516
http://osvdb.org/20517
http://osvdb.org/20518
http://osvdb.org/20519
http://osvdb.org/20520
http://osvdb.org/20521
http://osvdb.org/20522
http://secunia.com/advisories/17443	Patch Vendor Advisory
http://www.securityfocus.com/archive/1/415801/30/0/threaded
http://www.securityfocus.com/bid/15344
http://www.securityfocus.com/bid/15345
https://exchange.xforce.ibmcloud.com/vulnerabilities/22999

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-11-16T07:37:00

Updated: 2018-10-19T14:57:01

Reserved: 2005-11-16T00:00:00

Link: CVE-2005-3547

JSON object: View

NVD Information

Status : Modified

Published: 2005-11-16T07:42:00.000

Modified: 2018-10-19T15:37:01.893

Link: CVE-2005-3547

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-11-04T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20051104 Failles dans Invision Power Board 2.1 [xss]", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/415801/30/0/threaded"}, {"name": "invision-powerboard-admin-xss(22999)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22999"}, {"name": "20520", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/20520"}, {"name": "20519", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/20519"}, {"name": "15344", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/15344"}, {"name": "17443", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17443"}, {"name": "20518", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/20518"}, {"name": "20516", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/20516"}, {"name": "20517", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/20517"}, {"name": "15345", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/15345"}, {"name": "20521", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/20521"}, {"tags": ["x_refsource_MISC"], "url": "http://benji.redkod.org/audits/ipb.2.1.pdf"}, {"name": "20522", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/20522"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3547", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20051104 Failles dans Invision Power Board 2.1 [xss]", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/415801/30/0/threaded"}, {"name": "invision-powerboard-admin-xss(22999)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22999"}, {"name": "20520", "refsource": "OSVDB", "url": "http://osvdb.org/20520"}, {"name": "20519", "refsource": "OSVDB", "url": "http://osvdb.org/20519"}, {"name": "15344", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15344"}, {"name": "17443", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17443"}, {"name": "20518", "refsource": "OSVDB", "url": "http://osvdb.org/20518"}, {"name": "20516", "refsource": "OSVDB", "url": "http://osvdb.org/20516"}, {"name": "20517", "refsource": "OSVDB", "url": "http://osvdb.org/20517"}, {"name": "15345", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15345"}, {"name": "20521", "refsource": "OSVDB", "url": "http://osvdb.org/20521"}, {"name": "http://benji.redkod.org/audits/ipb.2.1.pdf", "refsource": "MISC", "url": "http://benji.redkod.org/audits/ipb.2.1.pdf"}, {"name": "20522", "refsource": "OSVDB", "url": "http://osvdb.org/20522"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3547", "datePublished": "2005-11-16T07:37:00", "dateReserved": "2005-11-16T00:00:00", "dateUpdated": "2018-10-19T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:invision_power_services:invision_board:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "05FA7E1F-D9D2-419F-A9DE-7BE4253F897E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Invision Power Board 2.1 permite a atacantes remotos inyectar web scritp o HTML de su elecci\u00f3n mediante los par\u00e1metros (1) adsess, (2) name y (3) description en admin.php, y (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, y otros m\u00faltiples campos de entrada.\r\n"}], "id": "CVE-2005-3547", "lastModified": "2018-10-19T15:37:01.893", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-11-16T07:42:00.000", "references": [{"source": "cve@mitre.org", "url": "http://benji.redkod.org/audits/ipb.2.1.pdf"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/20516"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/20517"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/20518"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/20519"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/20520"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/20521"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/20522"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/17443"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/415801/30/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15344"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15345"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22999"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}