CVE-2021-39250

Severity Score

5.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widgets, disclosure of the admin session ID in a Referer header, and the ability of an admin to use the templating engine (e.g., Edit HTML).

Invision Community (también se conoce como IPS Community Suite o IP-Board) versiones anteriores a 4.6.5.1 permite un ataque de tipo XSS almacenado, con la consiguiente ejecución de código, porque un archivo cargado puede colocarse en un elemento IFRAME dentro del contenido generado por el usuario. Para la ejecución de código, el atacante puede confiar en la habilidad de un administrador para instalar widgets, la divulgación del ID de sesión del administrador en un encabezado Referer, y la habilidad de un administrador para usar el motor de plantillas (por ejemplo, Editar HTML).

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-08-17 CVE Reserved
2021-08-17 CVE Published
2023-03-10 EPSS Updated
2024-08-04 CVE Updated
2024-08-04 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC
https://ssd-disclosure.com/ssd-advisory-ip-board-stored-xss-to-rce-chain	2024-08-04

URL	Date	SRC

URL	Date	SRC
https://invisioncommunity.com/release-notes/4651-r102	2021-08-25

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Invisioncommunity Search vendor "Invisioncommunity"		Invision Power Board Search vendor "Invisioncommunity" for product "Invision Power Board"				< 4.6.5.1 Search vendor "Invisioncommunity" for product "Invision Power Board" and version " < 4.6.5.1"		-		Affected