How to Buy
This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.
The remote web server contains a PHP script that is vulnerable to a
cross-site scripting attack.
According to the version number in its banner, the installation of
Invision Power Board on the remote host reportedly does not
sufficiently sanitize the 'COLOR' SML tag. A remote attacker may
exploit this vulnerability by adding a specially crafted 'COLOR' tag
browsing that forum, which may enable an attacker to steal cookies or
misrepresent site content.
In addition, it has been reported that an attacker can inject
arbitrary script into a signature file. However, Nessus has not tested
for this issue.
See also :
Apply the patch referenced in the vendor advisory above.
Risk factor :
Low / CVSS Base Score : 3.5
CVSS Temporal Score : 3.5
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 17202 (invision_power_board_color_sml_tag.nasl)
Bugtraq ID: 12607
CVE ID: CVE-2005-0477
Get Nessus Professional to scan unlimited IPs, run compliance checks & more
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.