CVE-2021-39250 - OpenCVE

Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widgets, disclosure of the admin session ID in a Referer header, and the ability of an admin to use the templating engine (e.g., Edit HTML).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Invisioncommunity	Invision Power Board

Configuration 1 [-]

cpe:2.3:a:invisioncommunity:invision_power_board:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://invisioncommunity.com/release-notes/4651-r102/
https://ssd-disclosure.com/ssd-advisory-ip-board-stored-xss-to-rce-chain/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-08-17T22:02:12

Updated: 2024-08-04T02:06:40.952Z

Reserved: 2021-08-17T00:00:00

Link: CVE-2021-39250

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-08-17T23:15:07.660

Modified: 2021-08-25T18:44:28.667

Link: CVE-2021-39250

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widgets, disclosure of the admin session ID in a Referer header, and the ability of an admin to use the templating engine (e.g., Edit HTML)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-08-17T22:02:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ssd-disclosure.com/ssd-advisory-ip-board-stored-xss-to-rce-chain/"}, {"tags": ["x_refsource_MISC"], "url": "https://invisioncommunity.com/release-notes/4651-r102/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-39250", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widgets, disclosure of the admin session ID in a Referer header, and the ability of an admin to use the templating engine (e.g., Edit HTML)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://ssd-disclosure.com/ssd-advisory-ip-board-stored-xss-to-rce-chain/", "refsource": "MISC", "url": "https://ssd-disclosure.com/ssd-advisory-ip-board-stored-xss-to-rce-chain/"}, {"name": "https://invisioncommunity.com/release-notes/4651-r102/", "refsource": "MISC", "url": "https://invisioncommunity.com/release-notes/4651-r102/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T02:06:40.952Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ssd-disclosure.com/ssd-advisory-ip-board-stored-xss-to-rce-chain/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://invisioncommunity.com/release-notes/4651-r102/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-39250", "datePublished": "2021-08-17T22:02:12", "dateReserved": "2021-08-17T00:00:00", "dateUpdated": "2024-08-04T02:06:40.952Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:*:*:*:*:*:*:*:*", "matchCriteriaId": "11BFD544-1F71-48B6-909E-7E54E71C6528", "versionEndExcluding": "4.6.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widgets, disclosure of the admin session ID in a Referer header, and the ability of an admin to use the templating engine (e.g., Edit HTML)."}, {"lang": "es", "value": "Invision Community (tambi\u00e9n se conoce como IPS Community Suite o IP-Board) versiones anteriores a 4.6.5.1 permite un ataque de tipo XSS almacenado, con la consiguiente ejecuci\u00f3n de c\u00f3digo, porque un archivo cargado puede colocarse en un elemento IFRAME dentro del contenido generado por el usuario. Para la ejecuci\u00f3n de c\u00f3digo, el atacante puede confiar en la habilidad de un administrador para instalar widgets, la divulgaci\u00f3n del ID de sesi\u00f3n del administrador en un encabezado Referer, y la habilidad de un administrador para usar el motor de plantillas (por ejemplo, Editar HTML)."}], "id": "CVE-2021-39250", "lastModified": "2021-08-25T18:44:28.667", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-17T23:15:07.660", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://invisioncommunity.com/release-notes/4651-r102/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://ssd-disclosure.com/ssd-advisory-ip-board-stored-xss-to-rce-chain/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}