CVE-2006-3197

Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a POST that contains hexadecimal-encoded HTML.

Affected Software

Name	Vendor	Start Version	End Version
Invision_power_board	Invision_power_services	2.1 (including)	2.1 (including)
Invision_power_board	Invision_power_services	2.1.0 (including)	2.1.0 (including)
Invision_power_board	Invision_power_services	2.1.1 (including)	2.1.1 (including)
Invision_power_board	Invision_power_services	2.1.2 (including)	2.1.2 (including)
Invision_power_board	Invision_power_services	2.1.3 (including)	2.1.3 (including)
Invision_power_board	Invision_power_services	2.1.4 (including)	2.1.4 (including)
Invision_power_board	Invision_power_services	2.1.5 (including)	2.1.5 (including)
Invision_power_board	Invision_power_services	2.1.6 (including)	2.1.6 (including)
Invision_power_board	Invision_power_services	2.1_alpha2 (including)	2.1_alpha2 (including)
Invision_power_board	Invision_power_services	2.1_beta2 (including)	2.1_beta2 (including)
Invision_power_board	Invision_power_services	2.1_beta3 (including)	2.1_beta3 (including)
Invision_power_board	Invision_power_services	2.1_beta4 (including)	2.1_beta4 (including)
Invision_power_board	Invision_power_services	2.1_beta5 (including)	2.1_beta5 (including)
Invision_power_board	Invision_power_services	2.1_rc1 (including)	2.1_rc1 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-3197
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References