FKIE_CVE-2005-3547

Vulnerability from fkie_nvd - Published: 2005-11-16 07:42 - Updated: 2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields.
References
cve@mitre.orghttp://benji.redkod.org/audits/ipb.2.1.pdf
cve@mitre.orghttp://osvdb.org/20516
cve@mitre.orghttp://osvdb.org/20517
cve@mitre.orghttp://osvdb.org/20518
cve@mitre.orghttp://osvdb.org/20519
cve@mitre.orghttp://osvdb.org/20520
cve@mitre.orghttp://osvdb.org/20521
cve@mitre.orghttp://osvdb.org/20522
cve@mitre.orghttp://secunia.com/advisories/17443Patch, Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/archive/1/415801/30/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/15344
cve@mitre.orghttp://www.securityfocus.com/bid/15345
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/22999
af854a3a-2127-422b-91ae-364da2661108http://benji.redkod.org/audits/ipb.2.1.pdf
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/20516
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/20517
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/20518
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/20519
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/20520
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/20521
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/20522
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17443Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/415801/30/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/15344
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/15345
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/22999
Impacted products
Vendor Product Version
invision_power_services invision_board 2.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:invision_power_services:invision_board:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05FA7E1F-D9D2-419F-A9DE-7BE4253F897E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Invision Power Board 2.1 permite a atacantes remotos inyectar web scritp o HTML de su elecci\u00f3n mediante los par\u00e1metros (1) adsess, (2) name y (3) description en admin.php, y (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, y otros m\u00faltiples campos de entrada.\r\n"
    }
  ],
  "id": "CVE-2005-3547",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-11-16T07:42:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://benji.redkod.org/audits/ipb.2.1.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/20516"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/20517"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/20518"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/20519"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/20520"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/20521"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/20522"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17443"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/415801/30/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/15344"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/15345"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://benji.redkod.org/audits/ipb.2.1.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/20516"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/20517"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/20518"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/20519"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/20520"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/20521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/20522"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17443"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/415801/30/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/15344"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/15345"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22999"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.