Published: 03/07/2014 Updated: 03/06/2020

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x up to and including 3.4.6, as downloaded prior to 20140424, or IP.Nexus 1.5.x up to and including 1.5.9, as downloaded prior to 20140424, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
invisionpower ip.nexus 1.5.6
invisionpower ip.nexus 1.5.5
invisioncommunity invision power board 3.3.0
invisioncommunity invision power board 3.3.3
invisioncommunity invision power board 3.3.4
invisioncommunity invision power board 3.4.0
invisioncommunity invision power board 3.4.1
invisioncommunity invision power board 3.4.2
invisionpower ip.nexus 1.5.4
invisionpower ip.nexus 1.5.3
invisioncommunity invision power board 3.4.3
invisioncommunity invision power board 3.4.4
invisionpower ip.nexus 1.5.8
invisionpower ip.nexus 1.5.7
invisionpower ip.nexus 1.5.0
invisioncommunity invision power board 3.3.1
invisioncommunity invision power board 3.3.2
invisionpower ip.nexus 1.5.9
invisionpower ip.nexus 1.5.2
invisionpower ip.nexus 1.5.1
invisioncommunity invision power board 3.4.5
invisioncommunity invision power board 3.4.6

CWE-79 http://community.invisionpower.com/topic/399747-ipboard-33x-34x-security-update http://www.christian-schneider.net/advisories/CVE-2014-3149.txt http://www.securityfocus.com/bid/67164 http://packetstormsecurity.com/files/127328/IP.Board-3.4.x-3.3.x-Cross-Site-Scripting.html http://www.securityfocus.com/archive/1/532618/100/0/threaded https://nvd.nist.gov

CVE-2014-3149

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect