header-logo
Suggest Exploit
vendor:
Invision Power Board
by:
SecurityFocus
N/A
CVSS
N/A
HTML Injection
79
CWE
Product Name: Invision Power Board
Affected Version From: All
Affected Version To: All
Patch Exists: Unknown
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

Invision Power Board HTML Injection Vulnerability

Invision Power Board is reported prone to an HTML injection vulnerability. This issue arises due to insufficient sanitization of user-supplied data. It is reported that due to a lack of filtering of HTML tags, an attacker can inject an IFRAME through an HTTP POST request.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/12888/info

Invision Power Board is reported prone to an HTML injection vulnerability. This issue arises due to insufficient sanitization of user-supplied data.

It is reported that due to a lack of filtering of HTML tags, an attacker can inject an IFRAME through an HTTP POST request.

All version of Invision Power Board are considered vulnerable at the moment.

This BID will be updated when more information is available. 

<iframe id="frame1" name="frame1" frameborder=0 width=0 height=0
src="http://www.example.com/forums/index.php?act=Msg&CODE=04&MODE=1&entered_name=Woody&msg_title=hi&Post=I%20love%20you!">
</iframe>

Navigation

Suggest Exploit

Services By CQR