BugTraq
CVE-2014-3149 - Reflected Cross-Site Scripting (XSS) in "Invision Power IP.Board" Jul 01 2014 07:26PM
Christian Schneider (mail Christian-Schneider net)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2014-3149
===================
"Reflected Cross-Site Scripting (XSS)" (CWE-79) vulnerability in "Invision Power IP.Board" product

Vendor
===================
Invision Power Services Inc.

Product
===================
IP.Board
"IP.Board is the leading solution for creating an engaging discussion forum on the web.
Trusted by thousands of forums, large and small." - source: https://www.invisionpower.com/apps/board/

Affected versions
===================
This vulnerability affects versions of IP.Board prior 3.4.6 as well as versions 3.3.x

Patch
===================
The vendor has released patches for versions 3.4.x and 3.3.x at
http://community.invisionpower.com/topic/399747-ipboard-33x-34x-security
-update/

Reported by
===================
This issue was reported to the vendor by Christian Schneider (@cschneider4711)
following a responsible disclosure process.

Severity
===================
Low

Exploitability
===================
Clickjacking or social engineering required

Description
===================
Using a specially crafted request to access the web forum software IP.Board it
is possible to execute Reflected Cross-Site Scripting (XSS) attacks. Due to a
token-based CSRF protection the actual exploitation is somewhat limited, since
attackers have to trick victims (using Clickjacking or social engineering)
into submitting an attacker supplied content.

Proof of concept
===================
Due to the responsible disclosure process chosen and to not harm unpatched systems,
no concrete exploit code will be presented in this advisory.

References
===================
http://community.invisionpower.com/topic/399747-ipboard-33x-34x-security
-update/
http://www.christian-schneider.net/advisories/CVE-2014-3149.txt

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)

iEYEARECAAYFAlOzCDAACgkQXYAsOfddvFNgVwCggTYy8+9mVPUlXYu4ugzMqsLI
z+gAn1RfHeDRt2OfaQuEendLdcvsumtF
=grTH
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus