Intrusion Prevention

PHP.Invision.Power.Board.Multiple.XSS

Description

It indicates an attacker is attempting a Cross Site Scripting attack against Invision Power Board. Multiple vulnerabilities exist in Invision Power Services that could lead to the execution of arbitrary code because of a lack of input validation in the "c", "showtopic", "f", "showuser", and "username" parameters.

Affected Products

Invision Power Services Invision Board 1.3 Final

Impact

Compromise of the affected system.

Recommended Actions

Apply appropriate patch from the vendor or Upgrade to non-vulnerable version if available.

CVE References

CVE-2004-0359