Back to search
CVE-2007-2963
Published: May 31, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ipb-editorid-xss(34616)
vdb-entry
x_refsource_XF
24244
vdb-entry
x_refsource_BID
25437
third-party-advisory
x_refsource_SECUNIA
35431
vdb-entry
x_refsource_OSVDB
35430
vdb-entry
x_refsource_OSVDB
http://forums.invisionpower.com/index.php?showtopic=235069
x_refsource_CONFIRM
35435
vdb-entry
x_refsource_OSVDB
ADV-2007-1993
vdb-entry
x_refsource_VUPEN
35433
vdb-entry
x_refsource_OSVDB
35434
vdb-entry
x_refsource_OSVDB
35432
vdb-entry
x_refsource_OSVDB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now