Vulnerability Description

Vulnerability Type: HTML Injection
Product: Invision Power Board D22-Shoutbox
Version: N/A
Risk Level: Low

Vulnerability Details

CVSS Base Score: 4.3/10
Exploitability Subscore: 8.6/10
Impact Subscore: 2.9/10

Impact Details:
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None

Exploit Scope: Remote
Impact Risk: Low
Attack Complexity: Medium
Authentication: None Required

Vulnerability Description: D22-Shoutbox does not properly filter HTML tags, so an attacker can inject markup that runs arbitrary script code in a user's browser, potentially stealing cookie-based authentication information and launching further attacks.

Official Information

Credit: Doz
CVE ID: CVE-2007-4487
Vendor:
- URL: http://www.dscripting.com/
- Hackers Center Security Organization: http://www.hackerscenter.com

Attack Method

Product Category: Input Validation Error
Remote: Yes
Local: N/A
Version: N/A
Exploit Description: No tools are required to exploit this vulnerability; it can be exploited directly through a web browser.

Timeline

Disclosure Date: 2007.08.24
Release Date: 2007.08.24