CVE-2007-2963 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Invision Power Services	Invision Power Board

Configuration 1 [-]

cpe:2.3:a:invision_power_services:invision_power_board:*:*:*:*:*:*:*:*

References

Link	Resource
http://forums.invisionpower.com/index.php?showtopic=235069	Patch
http://osvdb.org/35430
http://osvdb.org/35431
http://osvdb.org/35432
http://osvdb.org/35433
http://osvdb.org/35434
http://osvdb.org/35435
http://secunia.com/advisories/25437	Patch Vendor Advisory
http://www.securityfocus.com/bid/24244	Patch
http://www.vupen.com/english/advisories/2007/1993
https://exchange.xforce.ibmcloud.com/vulnerabilities/34616

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-05-31T23:00:00

Updated: 2017-07-28T12:57:01

Reserved: 2007-05-31T00:00:00

Link: CVE-2007-2963

JSON object: View

NVD Information

Status : Modified

Published: 2007-05-31T23:30:00.000

Modified: 2017-07-29T01:31:52.817

Link: CVE-2007-2963

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-05-30T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ipb-editorid-xss(34616)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34616"}, {"name": "24244", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24244"}, {"name": "25437", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25437"}, {"name": "35431", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35431"}, {"name": "35430", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35430"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://forums.invisionpower.com/index.php?showtopic=235069"}, {"name": "35435", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35435"}, {"name": "ADV-2007-1993", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1993"}, {"name": "35433", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35433"}, {"name": "35434", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35434"}, {"name": "35432", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35432"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2963", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ipb-editorid-xss(34616)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34616"}, {"name": "24244", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24244"}, {"name": "25437", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25437"}, {"name": "35431", "refsource": "OSVDB", "url": "http://osvdb.org/35431"}, {"name": "35430", "refsource": "OSVDB", "url": "http://osvdb.org/35430"}, {"name": "http://forums.invisionpower.com/index.php?showtopic=235069", "refsource": "CONFIRM", "url": "http://forums.invisionpower.com/index.php?showtopic=235069"}, {"name": "35435", "refsource": "OSVDB", "url": "http://osvdb.org/35435"}, {"name": "ADV-2007-1993", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1993"}, {"name": "35433", "refsource": "OSVDB", "url": "http://osvdb.org/35433"}, {"name": "35434", "refsource": "OSVDB", "url": "http://osvdb.org/35434"}, {"name": "35432", "refsource": "OSVDB", "url": "http://osvdb.org/35432"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2963", "datePublished": "2007-05-31T23:00:00", "dateReserved": "2007-05-31T00:00:00", "dateUpdated": "2017-07-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:invision_power_services:invision_power_board:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F2A2644-353B-4B55-BB02-2C2E9F8948E9", "versionEndIncluding": "2.2.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el Invision Power Board (IPB o IP.Board) 2.2.2 y, posiblemente, versiones anteriores, permiten a atacantes remotos la inyecci\u00f3n de secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php o (6) el par\u00e1metro editorid en el module_table.php del jscripts/folder_rte_files/. NOTA: algunos de estos detalles se obtienen a partir de la informaci\u00f3n de terceros."}], "id": "CVE-2007-2963", "lastModified": "2017-07-29T01:31:52.817", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-05-31T23:30:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://forums.invisionpower.com/index.php?showtopic=235069"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/35430"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/35431"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/35432"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/35433"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/35434"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/35435"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/25437"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/24244"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1993"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34616"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}