What is the severity of CVE-2014-3149?

CVE-2014-3149 is classified as a medium severity cross-site scripting (XSS) vulnerability.

How do I fix CVE-2014-3149?

To fix CVE-2014-3149, you should upgrade your Invision Power Board or IP.Nexus to the latest versions provided by Invision Community.

What versions are affected by CVE-2014-3149?

CVE-2014-3149 affects Invision Power Board versions 3.3.x and 3.4.x up to 3.4.6, as well as IP.Nexus versions 1.5.x up to 1.5.9.

Can CVE-2014-3149 be exploited remotely?

Yes, CVE-2014-3149 allows remote attackers to inject arbitrary web scripts or HTML due to the vulnerable nature of the application.

What type of vulnerability is CVE-2014-3149?

CVE-2014-3149 is a cross-site scripting (XSS) vulnerability that can lead to unauthorized access or information disclosure.

Vulnerability/
CVE-2014-3149

medium

4.3

CWE

3/7/2014

6/8/2024

CVE-2014-3149: XSS

First published: Thu Jul 03 2014(Updated: )

Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x through 3.4.6, as downloaded before 20140424, or IP.Nexus 1.5.x through 1.5.9, as downloaded before 20140424, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Invision Power Board	=3.3.0
Invision Power Board	=3.3.0-alpha1
Invision Power Board	=3.3.0-alpha2
Invision Power Board	=3.3.0-beta1
Invision Power Board	=3.3.0-beta2
Invision Power Board	=3.3.0-beta3
Invision Power Board	=3.3.0-beta4
Invision Power Board	=3.3.1
Invision Power Board	=3.3.2
Invision Power Board	=3.3.3
Invision Power Board	=3.3.4
Invision Power Board	=3.4.0
Invision Power Board	=3.4.0-alpha1
Invision Power Board	=3.4.0-beta1
Invision Power Board	=3.4.0-beta2
Invision Power Board	=3.4.0-beta3
Invision Power Board	=3.4.0-beta4
Invision Power Board	=3.4.0-beta5
Invision Power Board	=3.4.1
Invision Power Board	=3.4.2
Invision Power Board	=3.4.3
Invision Power Board	=3.4.4
Invision Power Board	=3.4.5
Invision Power Board	=3.4.6
Invisionpower IP.Nexus	=1.5.0
Invisionpower IP.Nexus	=1.5.1
Invisionpower IP.Nexus	=1.5.2
Invisionpower IP.Nexus	=1.5.3
Invisionpower IP.Nexus	=1.5.4
Invisionpower IP.Nexus	=1.5.5
Invisionpower IP.Nexus	=1.5.6
Invisionpower IP.Nexus	=1.5.7
Invisionpower IP.Nexus	=1.5.8
Invisionpower IP.Nexus	=1.5.9

Remedy

http://community.invisionpower.com/topic/399747-ipboard-33x-34x-security-update

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-3149?
CVE-2014-3149 is classified as a medium severity cross-site scripting (XSS) vulnerability.
How do I fix CVE-2014-3149?
To fix CVE-2014-3149, you should upgrade your Invision Power Board or IP.Nexus to the latest versions provided by Invision Community.
What versions are affected by CVE-2014-3149?
CVE-2014-3149 affects Invision Power Board versions 3.3.x and 3.4.x up to 3.4.6, as well as IP.Nexus versions 1.5.x up to 1.5.9.
Can CVE-2014-3149 be exploited remotely?
Yes, CVE-2014-3149 allows remote attackers to inject arbitrary web scripts or HTML due to the vulnerable nature of the application.
What type of vulnerability is CVE-2014-3149?
CVE-2014-3149 is a cross-site scripting (XSS) vulnerability that can lead to unauthorized access or information disclosure.

agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/severity
agent/remedy
agent/references
agent/last-modified-date
agent/weakness
agent/first-publish-date
agent/softwarecombine
agent/description
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/invisioncommunity
canonical/invision power board
version/invision power board/3.3.0
version/invision power board/3.3.0-alpha1
version/invision power board/3.3.0-alpha2
version/invision power board/3.3.0-beta1
version/invision power board/3.3.0-beta2
version/invision power board/3.3.0-beta3
version/invision power board/3.3.0-beta4
version/invision power board/3.3.1
version/invision power board/3.3.2
version/invision power board/3.3.3
version/invision power board/3.3.4
version/invision power board/3.4.0
version/invision power board/3.4.0-alpha1
version/invision power board/3.4.0-beta1
version/invision power board/3.4.0-beta2
version/invision power board/3.4.0-beta3
version/invision power board/3.4.0-beta4
version/invision power board/3.4.0-beta5
version/invision power board/3.4.1
version/invision power board/3.4.2
version/invision power board/3.4.3
version/invision power board/3.4.4
version/invision power board/3.4.5
version/invision power board/3.4.6
vendor/invisionpower
canonical/invisionpower ip.nexus
version/invisionpower ip.nexus/1.5.0
version/invisionpower ip.nexus/1.5.1
version/invisionpower ip.nexus/1.5.2
version/invisionpower ip.nexus/1.5.3
version/invisionpower ip.nexus/1.5.4
version/invisionpower ip.nexus/1.5.5
version/invisionpower ip.nexus/1.5.6
version/invisionpower ip.nexus/1.5.7
version/invisionpower ip.nexus/1.5.8
version/invisionpower ip.nexus/1.5.9

Frequently Asked Questions

What is the severity of CVE-2014-3149?
CVE-2014-3149 is classified as a medium severity cross-site scripting (XSS) vulnerability.
How do I fix CVE-2014-3149?
To fix CVE-2014-3149, you should upgrade your Invision Power Board or IP.Nexus to the latest versions provided by Invision Community.
What versions are affected by CVE-2014-3149?
CVE-2014-3149 affects Invision Power Board versions 3.3.x and 3.4.x up to 3.4.6, as well as IP.Nexus versions 1.5.x up to 1.5.9.
Can CVE-2014-3149 be exploited remotely?
Yes, CVE-2014-3149 allows remote attackers to inject arbitrary web scripts or HTML due to the vulnerable nature of the application.
What type of vulnerability is CVE-2014-3149?
CVE-2014-3149 is a cross-site scripting (XSS) vulnerability that can lead to unauthorized access or information disclosure.

CVE-2014-3149: XSS

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-3149?

How do I fix CVE-2014-3149?

What versions are affected by CVE-2014-3149?

Can CVE-2014-3149 be exploited remotely?

What type of vulnerability is CVE-2014-3149?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2014-3149?

How do I fix CVE-2014-3149?

What versions are affected by CVE-2014-3149?

Can CVE-2014-3149 be exploited remotely?

What type of vulnerability is CVE-2014-3149?