XSS in Invisioncommunity Invision_power_board
CVE-2014-5106
Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.4.x through 3.4.6 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to admin/install/index.php.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.003 (49.0th percentile) — read the EPSS interpretation.
Affected products
- Invisioncommunity Invision_power_board — versions 3.4.0, 3.4.1, 3.4.2
- N/a — versions n/a
Weakness classification (CWE)
References
- ipboard-index-referer-xss(94693) (vdb-entry, x_refsource_XF)
- 20140716 IP.Board 3.4 cross-site scripting in Referer header (mailing-list, x_refsource_BUGTRAQ)
- 68705 (vdb-entry, x_refsource_BID)