NVD

Id
86120  
Name
CVE-2017-8899  
Description
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to gain access to moderator/admin accounts. The primary cause is the ability to upload an SVG document with a crafted attribute such an onload; however, full path disclosure is required for exploitation.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-05-27  
Published
2017-05-11  
Modified Date
2017-05-16  
Seq
2017-8899  

Actions

Related NVD References

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
67471 JVNDB-2017-003768 Invision Power Services Community Suite における認可・権限・アクセス制御に関する脆弱性 Invision Power Services (IPS) Community Suite には、認可・権限・アクセス制御に関する脆弱性が存在します。 CVE-2017-8899 0 CVE-2017-8899 86120 6.8 8.1 http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-003768.html 2017-05-09 2017-06-07 View