发布时间 :2005-03-30 00:00:00
修订时间 :2017-07-10 21:32:18

[原文]Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary web script via (1) a signature file or (2) a message post containing an IMG tag within a COLOR tag whose style is set to background:url.

[CNNVD]Invision Power Board FINAL的SML代码 跨站脚本攻击漏洞(CNNVD-200503-158)

        Invision Power Board 1.3.1 FINAL的SML代码中存在跨站脚本攻击(XSS)漏洞,远程攻击者可以通过(1)签名文件或(2)其风格设为background:url的COLOR标记内含IMG标记的信息发布,来注入任意Web脚本。

- CVSS (基础分值)

CVSS分值: 4.3 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CWE (弱点类目)

CWE-79 [在Web页面生成时对输入的转义处理不恰当(跨站脚本)]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(VENDOR_ADVISORY)  BUGTRAQ  20050217 Invision Power Boards 1.3.1 FINAL XSS Exploit
(UNKNOWN)  XF  invision-power-board-sml-xss(19399)

- 漏洞信息

Invision Power Board FINAL的SML代码 跨站脚本攻击漏洞
中危 跨站脚本
2005-03-30 00:00:00 2005-10-20 00:00:00
        Invision Power Board 1.3.1 FINAL的SML代码中存在跨站脚本攻击(XSS)漏洞,远程攻击者可以通过(1)签名文件或(2)其风格设为background:url的COLOR标记内含IMG标记的信息发布,来注入任意Web脚本。

- 公告与补丁


- 漏洞信息

Invision Power Board Signature File XSS
Remote / Network Access Input Manipulation
Loss of Integrity

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-02-17 Unknow
2005-02-17 Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Invision Power Board SML Code Script Injection Vulnerability
Input Validation Error 12607
Yes No
2005-02-21 12:00:00 2009-07-12 10:56:00
Discovery of this vulnerability is credited to Daniel A. hoang yen reported that this issue affects Invision Board 2.0.3.

- 受影响的程序版本

Invision Power Services Invision Board 2.0.3
Invision Power Services Invision Board 1.3.1 Final
Invision Power Services Invision Board 1.3 Final
Invision Power Services Invision Board 1.3
Invision Power Services Invision Board 1.3
Invision Power Services Invision Board 1.2
Invision Power Services Invision Board 1.1.2
Invision Power Services Invision Board 1.1.1
Invision Power Services Invision Board 1.0.1
Invision Power Services Invision Board 1.0

- 漏洞讨论

Invision Power Board is reported prone to a JavaScript injection vulnerability. It is reported that the SML Code 'COLOR' tag is not sufficiently sanitized of malicious script content.

Since this could permit an attacker to inject hostile JavaScript into the forum system, it is possible to steal cookie credentials or misrepresent site content.

This vulnerability is reported to affect Invision Power Board version 1.3.1; previous versions might also be affected.

Invision Power Board 2.0.3 is also reported vulnerable to this issue.

- 漏洞利用

The following example is available:
[COLOR=[IMG]http://aaa.aa/=`aaa.jpg[/IMG]]`style=background:url("javascript:[code]") [/color]

- 解决方案

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: <>.

- 相关参考