Invision Power Board COLOR SML Tag XSS

Severity: Low. Nessus Plugin ID 17202

Synopsis

The remote web server contains a PHP script that is vulnerable to a cross-site scripting attack.

Description

According to the version number in its banner, the installation of Invision Power Board on the remote host reportedly does not sufficiently sanitize the 'COLOR' SML tag. A remote attacker may exploit this vulnerability by adding a specially crafted 'COLOR' tag with arbitrary JavaScript to any signature or post on an Invision board. That JavaScript will later be executed in the context of users browsing that forum, which may enable an attacker to steal cookies or misrepresent site content.

In addition, it has been reported that an attacker can inject arbitrary script into a signature file. However, Nessus has not tested for this issue.

Solution

Apply the patch referenced in the vendor advisory listed under See Also.

See Also

https://seclists.org/bugtraq/2005/Feb/326

http://forums.invisionpower.com/index.php?showtopic=160633

Plugin Details

Severity: Low

ID: 17202

File Name: invision_power_board_color_sml_tag.nasl

Version: 1.25

Type: remote

Published: 2/23/2005

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Low

Base Score: 3.5

Temporal Score: 3

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:invisionpower:invision_power_board

Required KB Items: Settings/ParanoidReport, www/invision_power_board

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2/17/2005

Reference Information

CVE: CVE-2005-0477

BID: 12607

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990