Test ID:	1.3.6.1.4.1.25623.1.0.800387
Category:	Web application abuses
Title:	Invision Power Board Cross-Site Scripting Vulnerability
Summary:	Invision Power Board is prone to a cross-site scripting (XSS) vulnerability.
Description:	Summary: Invision Power Board is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: Improper sanitization of user supplied input in the signature data which can cause crafting malicious IFRAME or HTML tags to gain sensitive information about the web application or can cause injection of web pages to the web application. Vulnerability Impact: Successful exploitation will let attackers execute arbitrary code in the context of the affected web application and can cause various web related attacks by point to malicious IFRAME or HTML data. Affected Software/OS: Invision Power Board version 2.3.1 and prior. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-6565 BugTraq ID: 28466 http://www.securityfocus.com/bid/28466 Bugtraq: 20080326 Invision Power Board <=2.3.x iFrame Vuln (Google Search) http://www.securityfocus.com/archive/1/490115/100/0/threaded XForce ISS Database: Invisionpowerboard-signature-xss(41502) https://exchange.xforce.ibmcloud.com/vulnerabilities/41502
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.