11 lines
No EOL
695 B
Text
11 lines
No EOL
695 B
Text
source: http://www.securityfocus.com/bid/12607/info
|
|
|
|
Invision Power Board is reported prone to a JavaScript injection vulnerability. It is reported that the SML Code 'COLOR' tag is not sufficiently sanitized of malicious script content.
|
|
|
|
Since this could permit an attacker to inject hostile JavaScript into the forum system, it is possible to steal cookie credentials or misrepresent site content.
|
|
|
|
This vulnerability is reported to affect Invision Power Board version 1.3.1; previous versions might also be affected.
|
|
|
|
Invision Power Board 2.0.3 is also reported vulnerable to this issue.
|
|
|
|
[COLOR=[IMG]http://aaa.aa/=`aaa.jpg[/IMG]]`style=background:url("javascript:[code]") [/color] |