CVE-2007-4912

medium

Description

Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other than iso-8859-1 or utf-8.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/36589

http://www.securityfocus.com/bid/25656

http://secunia.com/advisories/26788

http://forums.invisionpower.com/index.php?showtopic=237075

http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870

Details

Source: Mitre, NVD

Published: 2007-09-17

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00282