Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widgets, disclosure of the admin session ID in a Referer header, and the ability of an admin to use the templating engine (e.g., Edit HTML).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Invision Community 跨站脚本漏洞
Vulnerability Description
Invision Community是美国Invision公司的一个用于设计、开发移动应用UI的软件。 Invision Community 中存在跨站脚本漏洞,该漏洞源于产品允许上传文件到IFRAME元素中。攻击者可通过该漏洞依赖管理员安装小部件的能力在Referer header中暴露管理员回话ID。以下产品及版本受到影响:Invision Community 4.6.5.1 之前版本。
CVSS Information
N/A
Vulnerability Type
N/A