VYPR
Unrated severityNVD Advisory· Published Sep 17, 2007· Updated Jun 16, 2026

CVE-2007-4912

CVE-2007-4912

Description

Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other than iso-8859-1 or utf-8.

Affected products

9
  • cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-03-08:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-03-08:*:*:*:*:*:*:*
    • cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-04-25:*:*:*:*:*:*:*
    • cpe:2.3:a:invision_power_services:invision_power_board:2.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:invision_power_services:invision_power_board:2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:invision_power_services:invision_power_board:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:invision_power_services:invision_power_board:2.2.2:*:*:*:*:*:*:*
  • Range: <=20070912
  • Range: <=20070912
  • Range: <=20070912

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.