Skip to main content

Invision Power Board CVE-2014-3149

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2014-07-03 cve@mitre.org
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 03, 2014 - 14:55 cve.org
MEDIUM 4.3

DescriptionCVE.org

Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x through 3.4.6, as downloaded before 20140424, or IP.Nexus 1.5.x through 1.5.9, as downloaded before 20140424, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

AnalysisAI

Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x through 3.4.6, as downloaded before 20140424, or IP.Nexus 1.5.x through 1.5.9, as. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x through 3.4.6, as downloaded before 20140424, or IP.Nexus 1.5.x through 1.5.9, as downloaded before 20140424, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Affected products include: Invisioncommunity Invision Power Board, Invisionpower Ip.Nexus. Version information: through 3.4.6.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2012-5692 CRITICAL POC
10.0 Oct 31

Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3

CVE-2016-6174 HIGH POC
8.1 Jul 12

applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Bo

CVE-2017-8898 CRITICAL POC
9.8 May 11

Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privile

CVE-2017-8899 HIGH POC
8.1 May 11

Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclos

CVE-2014-9239 HIGH POC
7.5 Dec 03

SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (ak

CVE-2017-8897 MEDIUM POC
6.1 May 11

Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter

CVE-2021-39249 MEDIUM POC
6.1 Aug 17

Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of up

CVE-2019-8278 MEDIUM POC
6.1 Mar 02

Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution. Rated medium severity (CVSS 6.

CVE-2021-39250 MEDIUM POC
5.4 Aug 17

Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution

CVE-2015-6812 HIGH
7.8 Sep 04

Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.0.12.1 allows remot

CVE-2015-6810 LOW POC
3.5 Sep 04

Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB,

CVE-2016-2564 MEDIUM
5.9 Apr 23

Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid func

Share

CVE-2014-3149 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy