Lucene search

[email protected]CVE-2006-1326

HistoryMar 21, 2006 - 1:06 a.m.

CVE-2006-1326

2006-03-2101:06:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-1326

cross-site scripting

xss

invision power board

remote attackers

web script

html

vulnerabilities

security advisory

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.017 Low

EPSS

Percentile

87.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board 2.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) result_type, (2) search_in, (3) nav, (4) forums, and (5) s parameters in the Search action to index.php; (6) st parameter to index.php with showtopics set to 1; (7) m, (8) y, and (9) d parameters in a calendar action; (10) t parameter in a Print action; (11) MID parameter in a Mail action; (12) HID parameter in a Help action; (13) active parameter in a search action; (14) sort_order, (15) max_results, or (16) sort_key parameter in a Members action.

CPENameOperatorVersion
invision_power_services:invision_power_boardinvision power services invision power boardeq2.0.4

CPE	Name	Operator	Version
invision_power_services:invision_power_board	invision power services invision power board	eq	2.0.4

References

www.osvdb.org/25009

www.osvdb.org/25010

www.osvdb.org/25011

www.osvdb.org/25012

www.osvdb.org/25013

www.osvdb.org/25014

www.osvdb.org/25015

www.securityfocus.com/archive/1/428015/100/0/threaded

www.securityfocus.com/bid/17144

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.017 Low

EPSS

Percentile

87.6%

JSON

Related for CVE-2006-1326

prion1