CVE Vulnerabilities

CVE-2006-5204

Published: Oct 10, 2006 | Modified: Oct 17, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.1 LOW
AV:N/AC:H/Au:S/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin.

Affected Software

Name Vendor Start Version End Version
Invision_power_board Invision_power_services 1.0 1.0
Invision_power_board Invision_power_services 1.0.1 1.0.1
Invision_power_board Invision_power_services 1.0.3 1.0.3
Invision_power_board Invision_power_services 1.1.1 1.1.1
Invision_power_board Invision_power_services 1.1.2 1.1.2
Invision_power_board Invision_power_services 1.2 1.2
Invision_power_board Invision_power_services 1.3 1.3
Invision_power_board Invision_power_services 1.3.1_final 1.3.1_final
Invision_power_board Invision_power_services 1.3_final 1.3_final
Invision_power_board Invision_power_services 2.0 2.0
Invision_power_board Invision_power_services 2.0.0 2.0.0
Invision_power_board Invision_power_services 2.0.1 2.0.1
Invision_power_board Invision_power_services 2.0.2 2.0.2
Invision_power_board Invision_power_services 2.0.3 2.0.3
Invision_power_board Invision_power_services 2.0.4 2.0.4
Invision_power_board Invision_power_services 2.0.x 2.0.x
Invision_power_board Invision_power_services 2.0_alpha3 2.0_alpha3
Invision_power_board Invision_power_services 2.0_pdr3 2.0_pdr3
Invision_power_board Invision_power_services 2.0_pf1 2.0_pf1
Invision_power_board Invision_power_services 2.0_pf2 2.0_pf2
Invision_power_board Invision_power_services 2.1 2.1
Invision_power_board Invision_power_services 2.1.0 2.1.0
Invision_power_board Invision_power_services 2.1.1 2.1.1
Invision_power_board Invision_power_services 2.1.2 2.1.2
Invision_power_board Invision_power_services 2.1.3 2.1.3
Invision_power_board Invision_power_services 2.1.4 2.1.4
Invision_power_board Invision_power_services 2.1.5 2.1.5
Invision_power_board Invision_power_services 2.1.5_2006-03-08 2.1.5_2006-03-08
Invision_power_board Invision_power_services 2.1.6 2.1.6
Invision_power_board Invision_power_services * 2.1.7
Invision_power_board Invision_power_services 2.1_alpha2 2.1_alpha2
Invision_power_board Invision_power_services 2.1_beta2 2.1_beta2
Invision_power_board Invision_power_services 2.1_beta3 2.1_beta3
Invision_power_board Invision_power_services 2.1_beta4 2.1_beta4
Invision_power_board Invision_power_services 2.1_beta5 2.1_beta5
Invision_power_board Invision_power_services 2.1_rc1 2.1_rc1

References