CVE-2007-2963 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Invision Power Services	Invision Power Board

Configuration 1 [-]

cpe:2.3:a:invision_power_services:invision_power_board:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://forums.invisionpower.com/index.php?showtopic=235069
http://osvdb.org/35430
http://osvdb.org/35431
http://osvdb.org/35432
http://osvdb.org/35433
http://osvdb.org/35434
http://osvdb.org/35435
http://secunia.com/advisories/25437
http://www.securityfocus.com/bid/24244
http://www.vupen.com/english/advisories/2007/1993
https://exchange.xforce.ibmcloud.com/vulnerabilities/34616

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-05-31T23:00:00

Updated: 2024-08-07T13:57:54.647Z

Reserved: 2007-05-31T00:00:00

Link: CVE-2007-2963

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-05-31T23:30:00.000

Modified: 2017-07-29T01:31:52.817

Link: CVE-2007-2963

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-05-30T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ipb-editorid-xss(34616)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34616"}, {"name": "24244", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24244"}, {"name": "25437", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25437"}, {"name": "35431", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35431"}, {"name": "35430", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35430"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://forums.invisionpower.com/index.php?showtopic=235069"}, {"name": "35435", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35435"}, {"name": "ADV-2007-1993", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1993"}, {"name": "35433", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35433"}, {"name": "35434", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35434"}, {"name": "35432", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35432"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2963", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ipb-editorid-xss(34616)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34616"}, {"name": "24244", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24244"}, {"name": "25437", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25437"}, {"name": "35431", "refsource": "OSVDB", "url": "http://osvdb.org/35431"}, {"name": "35430", "refsource": "OSVDB", "url": "http://osvdb.org/35430"}, {"name": "http://forums.invisionpower.com/index.php?showtopic=235069", "refsource": "CONFIRM", "url": "http://forums.invisionpower.com/index.php?showtopic=235069"}, {"name": "35435", "refsource": "OSVDB", "url": "http://osvdb.org/35435"}, {"name": "ADV-2007-1993", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1993"}, {"name": "35433", "refsource": "OSVDB", "url": "http://osvdb.org/35433"}, {"name": "35434", "refsource": "OSVDB", "url": "http://osvdb.org/35434"}, {"name": "35432", "refsource": "OSVDB", "url": "http://osvdb.org/35432"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:57:54.647Z"}, "title": "CVE Program Container", "references": [{"name": "ipb-editorid-xss(34616)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34616"}, {"name": "24244", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24244"}, {"name": "25437", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25437"}, {"name": "35431", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/35431"}, {"name": "35430", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/35430"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://forums.invisionpower.com/index.php?showtopic=235069"}, {"name": "35435", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/35435"}, {"name": "ADV-2007-1993", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1993"}, {"name": "35433", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/35433"}, {"name": "35434", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/35434"}, {"name": "35432", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/35432"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2963", "datePublished": "2007-05-31T23:00:00", "dateReserved": "2007-05-31T00:00:00", "dateUpdated": "2024-08-07T13:57:54.647Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:invision_power_services:invision_power_board:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F2A2644-353B-4B55-BB02-2C2E9F8948E9", "versionEndIncluding": "2.2.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el Invision Power Board (IPB o IP.Board) 2.2.2 y, posiblemente, versiones anteriores, permiten a atacantes remotos la inyecci\u00f3n de secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php o (6) el par\u00e1metro editorid en el module_table.php del jscripts/folder_rte_files/. NOTA: algunos de estos detalles se obtienen a partir de la informaci\u00f3n de terceros."}], "id": "CVE-2007-2963", "lastModified": "2017-07-29T01:31:52.817", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-05-31T23:30:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://forums.invisionpower.com/index.php?showtopic=235069"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/35430"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/35431"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/35432"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/35433"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/35434"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/35435"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/25437"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/24244"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1993"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34616"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}