Description
Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by benjilenoob · textwebappsphp
https://www.exploit-db.com/exploits/26478
References (13)
Core 13
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/415801/30/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/22999
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/20520
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/20519
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15344
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17443
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/20518
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/20516
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/20517
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15345
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/20521
Various Sources x_refsource_misc
http://benji.redkod.org/audits/ipb.2.1.pdf
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/20522
Scores
EPSS
0.0147
EPSS Percentile
81.0%
Details
Status
published
Products (1)
invision_power_services/invision_board
2.1
Published
Nov 16, 2005
Tracked Since
Feb 18, 2026