CVE-2014-5106

Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.4.x through 3.4.6 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to admin/install/index.php.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
invisioncommunityinvision_power_board
3.4.0
invisioncommunityinvision_power_board
3.4.0:alpha1
invisioncommunityinvision_power_board
3.4.0:beta1
invisioncommunityinvision_power_board
3.4.0:beta2
invisioncommunityinvision_power_board
3.4.0:beta3
invisioncommunityinvision_power_board
3.4.0:beta4
invisioncommunityinvision_power_board
3.4.0:beta5
invisioncommunityinvision_power_board
3.4.1
invisioncommunityinvision_power_board
3.4.2
invisioncommunityinvision_power_board
3.4.3
invisioncommunityinvision_power_board
3.4.4
invisioncommunityinvision_power_board
3.4.5
invisioncommunityinvision_power_board
3.4.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/archive/1/532822/100/0/threaded
http://www.securityfocus.com/bid/68705
https://exchange.xforce.ibmcloud.com/vulnerabilities/94693
http://www.securityfocus.com/archive/1/532822/100/0/threaded
http://www.securityfocus.com/bid/68705
https://exchange.xforce.ibmcloud.com/vulnerabilities/94693