CVE-2005-3547

Invision Power Board 2.1 - Cross-Site Scripting via Multiple Input Fields

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3547. PoCs published by benjilenoob.

AI-analyzed exploit summary The provided text describes multiple XSS vulnerabilities in Invision Power Board 2.1 due to insufficient input sanitization. It includes example URLs demonstrating how arbitrary script code can be executed in a user's browser context.

Description

Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields.

Exploits (1)

exploitdb WRITEUP VERIFIED

by benjilenoob · textwebappsphp

https://www.exploit-db.com/exploits/26478

View Code ZIP pw:eip

The provided text describes multiple XSS vulnerabilities in Invision Power Board 2.1 due to insufficient input sanitization. It includes example URLs demonstrating how arbitrary script code can be executed in a user's browser context.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Invision Power Board 2.1

No auth needed

Prerequisites: Access to the target application's admin.php endpoint

MITRE ATT&CK