lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <B907BAEE-ADB0-4077-AF8E-501DF3E360D9@Christian-Schneider.net>
Date: Tue, 1 Jul 2014 21:26:47 +0200
From: Christian Schneider <mail@...istian-Schneider.net>
To: bugtraq@...urityfocus.com
Subject: CVE-2014-3149 - Reflected Cross-Site Scripting (XSS) in "Invision Power IP.Board"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



CVE-2014-3149
===================
"Reflected Cross-Site Scripting (XSS)" (CWE-79) vulnerability in "Invision Power IP.Board" product


Vendor
===================
Invision Power Services Inc.


Product
===================
IP.Board
"IP.Board is the leading solution for creating an engaging discussion forum on the web. 
Trusted by thousands of forums, large and small." - source: https://www.invisionpower.com/apps/board/


Affected versions
===================
This vulnerability affects versions of IP.Board prior 3.4.6 as well as versions 3.3.x


Patch
===================
The vendor has released patches for versions 3.4.x and 3.3.x at 
http://community.invisionpower.com/topic/399747-ipboard-33x-34x-security-update/


Reported by
===================
This issue was reported to the vendor by Christian Schneider (@cschneider4711) 
following a responsible disclosure process.


Severity
===================
Low


Exploitability
===================
Clickjacking or social engineering required


Description
===================
Using a specially crafted request to access the web forum software IP.Board it 
is possible to execute Reflected Cross-Site Scripting (XSS) attacks. Due to a 
token-based CSRF protection the actual exploitation is somewhat limited, since 
attackers have to trick victims (using Clickjacking or social engineering) 
into submitting an attacker supplied content. 


Proof of concept
===================
Due to the responsible disclosure process chosen and to not harm unpatched systems, 
no concrete exploit code will be presented in this advisory.


References
===================
http://community.invisionpower.com/topic/399747-ipboard-33x-34x-security-update/
http://www.christian-schneider.net/advisories/CVE-2014-3149.txt


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)

iEYEARECAAYFAlOzCDAACgkQXYAsOfddvFNgVwCggTYy8+9mVPUlXYu4ugzMqsLI
z+gAn1RfHeDRt2OfaQuEendLdcvsumtF
=grTH
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ