CVE-2007-2349

Published: Apr 30, 2007Modified: Apr 23, 2026

5.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability: 8.6 / Impact: 4.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files.

Affected (2)

Products: Invision Power Services: Invision Power Board

Invision Power Services

1 product

Invision Power Board

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Invision Power Services Invision Power Board	Version 2.1
Invision Power Services Invision Power Board	Version 2.2

References (10)

http://forums.invisionpower.com/index.php?showtopic=234377

Source: cve@mitre.org

Patch

http://osvdb.org/35427

Source: cve@mitre.org

http://secunia.com/advisories/25021

Source: cve@mitre.org

PatchVendor Advisory

http://www.vupen.com/english/advisories/2007/1558

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/33942

Source: cve@mitre.org

http://forums.invisionpower.com/index.php?showtopic=234377