CVE-2005-2542

Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arbitrary web script or HTML via an attachment, which is automatically downloaded and processed as HTML.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/14492	Exploit
http://secunia.com/advisories/16348
http://marc.info/?l=bugtraq&m=112327712614854&w=2

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:invision_power_services:invision_board:2.0_alpha_3:::::::*
	cpe:2.3:a:invision_power_services:invision_board:2.0_pdr3:::::::*
	cpe:2.3:a:invision_power_services:invision_board:2.0:::::::*
	cpe:2.3:a:invision_power_services:invision_board:2.0.1:::::::*
	cpe:2.3:a:invision_power_services:invision_board:2.1_alpha2:::::::*
	cpe:2.3:a:invision_power_services:invision_board:2.0.2:::::::*
	cpe:2.3:a:invision_power_services:invision_board:2.0.3:::::::*
	cpe:2.3:a:invision_power_services:invision_board:2.0.4:::::::*
	cpe:2.3:a:invision_power_services:invision_board:2.0_pf1:::::::*
	cpe:2.3:a:invision_power_services:invision_board:2.0_pf2:::::::*

Information

Published : 2005-08-09 21:00

Updated : 2016-10-17 20:28

NVD link : CVE-2005-2542

Mitre link : CVE-2005-2542

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

invision_power_services

invision_board

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/14492", "name": "14492", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/16348", "name": "16348", "tags": [], "refsource": "SECUNIA"}, {"url": "http://marc.info/?l=bugtraq&m=112327712614854&w=2", "name": "20050805 ipb Css bug(now public)", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arbitrary web script or HTML via an attachment, which is automatically downloaded and processed as HTML."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-2542", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-08-10T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:invision_power_services:invision_board:2.0_alpha_3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:invision_power_services:invision_board:2.0_pdr3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:invision_power_services:invision_board:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:invision_power_services:invision_board:2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:invision_power_services:invision_board:2.1_alpha2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:invision_power_services:invision_board:2.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:invision_power_services:invision_board:2.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:invision_power_services:invision_board:2.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:invision_power_services:invision_board:2.0_pf1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:invision_power_services:invision_board:2.0_pf2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2016-10-18T03:28Z"}