PT-2017-18607 · Invision Power Services · Invision Power Board+2
Publicado
2017-05-11
·
Atualizado
2020-06-03
·
CVE-2017-8897
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Invision Power Services (IPS) Community Suite versions 4.1.19.2 and earlier
Description
The issue concerns a pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18. The attack vector is the "admin/convertutf8/index.php?controller=" endpoint. This vulnerability can be exploited to create a malicious announcement that affects any Invision Power Board user who views the announcement.
Recommendations
For Invision Power Services (IPS) Community Suite versions 4.1.19.2 and earlier, consider disabling the IPS UTF8 Converter v1.1.18 until a patch is available to prevent exploitation of the reflected XSS vulnerability. Restrict access to the "admin/convertutf8/index.php?controller=" endpoint to minimize the risk of exploitation.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ips Utf8 Converter
Invision Power Board
Invision Power Services Community Suite