CVE-2008-0913

Published: Feb 22, 2008Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via crafted BBCodes in an unspecified context.

Affected (1)

Products: Invision Power Services: Invision Power Board

Invision Power Services

1 product

Invision Power Board

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Invision Power Services Invision Power Board	Version 2.3.4

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

http://forums.invisionpower.com/index.php?showtopic=269961

Source: cve@mitre.org

Patch

http://secunia.com/advisories/29055

Source: cve@mitre.org

Vendor Advisory

http://forums.invisionpower.com/index.php?showtopic=269961

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://secunia.com/advisories/29055

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.