CVE-2019-8278

6.1MEDIUM

Key Information:

Vendor: Kaspersky
Status: Invision Power Board
Vendor: CVE Published:; 2 March 2019

Summary

Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution.

Affected Version(s)

Invision Power Board 3.3.1 - 3.4.8

References

http://www.securityfocus.com/bid/107258

vdb-entryx_refsource_BID

https://scriptinjection.blogspot.com/2019/02/invision-pow...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 2, 2019
Vulnerability Reserved
Feb 12, 2019

.