CVE-2009-5159 — Cross-site Scripting in Invision Power Board

Severity

6.1MEDIUMNVD

EPSS

0.8%

top 26.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedMar 13

Latest updateApr 21

Description

Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

GHSA

GHSA-j3qr-fx7r-mr5r: Invision Power Board (aka IPB or IP↗2022-04-21

▶

CVEList

CVE-2009-5159: Invision Power Board (aka IPB or IP↗2020-03-13

▶