CVE-2005-1945

Name of the Vulnerable Software and Affected Versions Invision Blog versions prior to 1.1.2 Final

Description A cross-site scripting issue exists due to a vulnerability in the convert highlite words function. This allows remote attackers to inject arbitrary web script or HTML via double hex encoded highlight data.

Recommendations For versions prior to 1.1.2 Final, update to version 1.1.2 Final or later to resolve the issue. As a temporary workaround, consider disabling the convert highlite words function until a patch is available.