製品・ソフトウェアに関する情報

JVN脆弱性詳細

IP.Board におけるクロスサイトスクリプティングの脆弱性

Title	IP.Board におけるクロスサイトスクリプティングの脆弱性
Summary	Invision Power Board (IPB または IP.Board) には、クロスサイトスクリプティングの脆弱性が存在します。
Possible impacts	第三者により、以下を介して、任意の Web スクリプトまたは HTML を挿入される可能性があります。 (1) jscripts/folder_rte_files/ 配下の module_bbcodeloader.php (2) jscripts/folder_rte_files/ 配下の module_div.php (3) jscripts/folder_rte_files/ 配下の module_email.php (4) jscripts/folder_rte_files/ 配下の module_image.php (5) jscripts/folder_rte_files/ 配下の module_link.php (6) jscripts/folder_rte_files/ 配下の module_table.php の editorid パラメータ
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	May 30, 2007, midnight
Registration Date	Sept. 25, 2012, 4:47 p.m.
Last Update	Sept. 25, 2012, 4:47 p.m.

Affected System

Invision Power Services, Inc

IPS Community Suite (旧 Invision Power Board) 2.2.2 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-2963	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2963
National Vulnerability Database (NVD)
2	CVE-2007-2963	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2963

ベンダー情報

No	Name	URL
Invision Power Services
1	IP.Board 2.2.x XSS Update	http://community.invisionpower.com/topic/235069-ipboard-22x-xss-update/

Change Log

No	Changed Details	Date of change
0	[2012年09月25日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2007-2963

Summary	Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources.
Summary	Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el Invision Power Board (IPB o IP.Board) 2.2.2 y, posiblemente, versiones anteriores, permiten a atacantes remotos la inyección de secuencias de comandos web o HTML de su elección a través de (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php o (6) el parámetro editorid en el module_table.php del jscripts/folder_rte_files/. NOTA: algunos de estos detalles se obtienen a partir de la información de terceros.
Publication Date	June 1, 2007, 8:30 a.m.
Registration Date	Jan. 29, 2021, 2:13 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:invision_power_services:invision_power_board::::::::			2.2.2

Related information, measures and tools

No	URL	refsource
1	http://forums.invisionpower.com/index.php?showtopic=235069	cve@mitre.org
2	http://osvdb.org/35430	cve@mitre.org
3	http://osvdb.org/35431	cve@mitre.org
4	http://osvdb.org/35432	cve@mitre.org
5	http://osvdb.org/35433	cve@mitre.org
6	http://osvdb.org/35434	cve@mitre.org
7	http://osvdb.org/35435	cve@mitre.org
8	http://secunia.com/advisories/25437	cve@mitre.org
9	http://www.securityfocus.com/bid/24244	cve@mitre.org
10	http://www.vupen.com/english/advisories/2007/1993	cve@mitre.org
11	https://exchange.xforce.ibmcloud.com/vulnerabilities/34616	cve@mitre.org
12	http://forums.invisionpower.com/index.php?showtopic=235069	af854a3a-2127-422b-91ae-364da2661108
13	http://osvdb.org/35430	af854a3a-2127-422b-91ae-364da2661108
14	http://osvdb.org/35431	af854a3a-2127-422b-91ae-364da2661108
15	http://osvdb.org/35432	af854a3a-2127-422b-91ae-364da2661108
16	http://osvdb.org/35433	af854a3a-2127-422b-91ae-364da2661108
17	http://osvdb.org/35434	af854a3a-2127-422b-91ae-364da2661108
18	http://osvdb.org/35435	af854a3a-2127-422b-91ae-364da2661108
19	http://secunia.com/advisories/25437	af854a3a-2127-422b-91ae-364da2661108
20	http://www.securityfocus.com/bid/24244	af854a3a-2127-422b-91ae-364da2661108
21	http://www.vupen.com/english/advisories/2007/1993	af854a3a-2127-422b-91ae-364da2661108
22	https://exchange.xforce.ibmcloud.com/vulnerabilities/34616	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List