CVE-2005-0477

Invision Power Services Invision Power Board - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary web script via (1) a signature file or (2) a message post containing an IMG tag within a COLOR tag whose style is set to background:url.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Daniel A. · text · webapps · php
https://www.exploit-db.com/exploits/25143

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/19399
Third Party Advisory mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110868196922995&w=2

Scores

EPSS 0.0055
EPSS Percentile 68.1%

Details

CWE
CWE-79
Status published
Products (8)
invision_power_services/invision_power_board 1.0
invision_power_services/invision_power_board 1.0.1
invision_power_services/invision_power_board 1.1.1
invision_power_services/invision_power_board 1.1.2
invision_power_services/invision_power_board 1.2
invision_power_services/invision_power_board 1.3
invision_power_services/invision_power_board 1.3.1_final
invision_power_services/invision_power_board 1.3_final
Published Mar 30, 2005
Tracked Since Feb 18, 2026