CVE-2005-0477

Published: Mar 30, 2005Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary web script via (1) a signature file or (2) a message post containing an IMG tag within a COLOR tag whose style is set to background:url.

Affected (8)

Products: Invision Power Services: Invision Power Board

Invision Power Services

1 product

Invision Power Board

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Invision Power Services Invision Power Board	Version 1.0.1
Invision Power Services Invision Power Board	Version 1.0
Invision Power Services Invision Power Board	Version 1.1.1
Invision Power Services Invision Power Board	Version 1.1.2
Invision Power Services Invision Power Board	Version 1.2
Invision Power Services Invision Power Board	Version 1.3.1_final
Invision Power Services Invision Power Board	Version 1.3
Invision Power Services Invision Power Board	Version 1.3_final

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

http://marc.info/?l=bugtraq&m=110868196922995&w=2

Source: cve@mitre.org

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/19399

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=110868196922995&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/19399

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.