| Vulnerability Name: | CVE-2009-5159 (CCN-178914) | ||||||||||||
| Assigned: | 2009-12-09 | ||||||||||||
| Published: | 2009-12-09 | ||||||||||||
| Updated: | 2020-03-18 | ||||||||||||
| Summary: | Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment. | ||||||||||||
| CVSS v3 Severity: | 6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) 5.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:U/RC:R)
5.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:U/RC:R)
| ||||||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-79 | ||||||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||||||
| References: | Source: MISC Type: Broken Link, Vendor Advisory http://community.invisionpower.com/topic/300051-invision-power-board-305-released/ Source: MITRE Type: CNA CVE-2009-5159 Source: XF Type: UNKNOWN invisionpowerboard-cve20095159-xss(178914) Source: CCN Type: Invision Community Web site Invision Community - Forum software, CMS, eCommerce & more - Invision Community Source: MISC Type: Exploit, Third Party Advisory, VDB Entry https://packetstormsecurity.com/files/83624/Invision-Power-Board-3.0.4-Cross-Site-Scripting.html Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [12-09-2009] Source: MISC Type: Exploit, Third Party Advisory, VDB Entry https://www.exploit-db.com/exploits/33394 Source: MISC Type: Third Party Advisory, VDB Entry https://www.securityfocus.com/bid/37263/info | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||