HTTP: Referrer Header Cross-Site Scripting
This signature detects attempts to exploit a cross-site scripting vulnerability. Attackers can embed malicious HTML tags within the HTTP Referrer header; because some Web servers and server-side applications parse this data incorrectly, attackers can successfully execute a cross-site scripting attack.
Extended Description
Reportedly Invision Power Board is affected by a remote cross-site scripting vulnerability. This issue is due to a failure of the application to validate or sanitize user supplied input prior to including it in dynamic Web content. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the vulnerable application, facilitating the theft of cookie-based authentication credentials as well as other attacks.
Affected Products
Invision_power_services invision_board
Short Name
HTTP:XSS:HDR-REFERRER
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2004-1578 CVE-2015-2294 CVE-2019-17120 Cross-Site Header Referrer Scripting bid:11332
Release Date
10/14/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Invision_power_services
CVSS Score
4.3