Invision Power Board HTTP POST Request IFRAME Tag XSS

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.

Synopsis :

The remote web server contains a PHP script that is vulnerable to a
cross-site scripting attack.

Description :

The version of Invision Power Board installed on the remote host does
not properly sanitize HTML tags, which enables a remote attacker to
inject a malicious IFRAME when posting a message to one of the hosted
forums. This could cause arbitrary HTML and script code to be
executed in the context of users browsing the forum, which could allow
an attacker to steal cookies or misrepresent site content.

Solution :

Upgrade to Invision Power Board 2.0.3 or later.

Risk factor :

Low / CVSS Base Score : 3.5
CVSS Temporal Score : 3.5
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 17609 (invision_power_board_iframe_xss.nasl)

Bugtraq ID: 12888

CVE ID: CVE-2005-0886

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now