Lucene search

[email protected]CVE-2006-5204

HistoryOct 10, 2006 - 4:06 a.m.

CVE-2006-5204

2006-10-1004:06:00

[email protected]

web.nvd.nist.gov

cve-2006-5204

cross-site scripting

xss

invision power board

ipb

csrf

sql execution

nvd

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

6.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.9%

JSON

Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin.

Affected configurations

NVD

Node

invision_power_servicesinvision_power_boardRange≤2.1.7

invision_power_servicesinvision_power_boardMatch1.0

invision_power_servicesinvision_power_boardMatch1.0.1

invision_power_servicesinvision_power_boardMatch1.0.3

invision_power_servicesinvision_power_boardMatch1.1.1

invision_power_servicesinvision_power_boardMatch1.1.2

invision_power_servicesinvision_power_boardMatch1.2

invision_power_servicesinvision_power_boardMatch1.3

invision_power_servicesinvision_power_boardMatch1.3.1_final

invision_power_servicesinvision_power_boardMatch1.3_final

invision_power_servicesinvision_power_boardMatch2.0

invision_power_servicesinvision_power_boardMatch2.0.0

invision_power_servicesinvision_power_boardMatch2.0.1

invision_power_servicesinvision_power_boardMatch2.0.2

invision_power_servicesinvision_power_boardMatch2.0.3

invision_power_servicesinvision_power_boardMatch2.0.4

invision_power_servicesinvision_power_boardMatch2.0.x

invision_power_servicesinvision_power_boardMatch2.0_alpha3

invision_power_servicesinvision_power_boardMatch2.0_pdr3

invision_power_servicesinvision_power_boardMatch2.0_pf1

invision_power_servicesinvision_power_boardMatch2.0_pf2

invision_power_servicesinvision_power_boardMatch2.1

invision_power_servicesinvision_power_boardMatch2.1.0

invision_power_servicesinvision_power_boardMatch2.1.1

invision_power_servicesinvision_power_boardMatch2.1.2

invision_power_servicesinvision_power_boardMatch2.1.3

invision_power_servicesinvision_power_boardMatch2.1.4

invision_power_servicesinvision_power_boardMatch2.1.5

invision_power_servicesinvision_power_boardMatch2.1.5_2006-03-08

invision_power_servicesinvision_power_boardMatch2.1.6

invision_power_servicesinvision_power_boardMatch2.1_alpha2

invision_power_servicesinvision_power_boardMatch2.1_beta2

invision_power_servicesinvision_power_boardMatch2.1_beta3

invision_power_servicesinvision_power_boardMatch2.1_beta4

invision_power_servicesinvision_power_boardMatch2.1_beta5

invision_power_servicesinvision_power_boardMatch2.1_rc1

CPENameOperatorVersion
invision_power_services:invision_power_boardinvision power services invision power boardle2.1.7
invision_power_services:invision_power_boardinvision power services invision power boardeq1.0
invision_power_services:invision_power_boardinvision power services invision power boardeq1.0.1
invision_power_services:invision_power_boardinvision power services invision power boardeq1.0.3
invision_power_services:invision_power_boardinvision power services invision power boardeq1.1.1
invision_power_services:invision_power_boardinvision power services invision power boardeq1.1.2
invision_power_services:invision_power_boardinvision power services invision power boardeq1.2
invision_power_services:invision_power_boardinvision power services invision power boardeq1.3
invision_power_services:invision_power_boardinvision power services invision power boardeq1.3.1_final
invision_power_services:invision_power_boardinvision power services invision power boardeq1.3_final

CPE	Name	Operator	Version
invision_power_services:invision_power_board	invision power services invision power board	le	2.1.7
invision_power_services:invision_power_board	invision power services invision power board	eq	1.0
invision_power_services:invision_power_board	invision power services invision power board	eq	1.0.1
invision_power_services:invision_power_board	invision power services invision power board	eq	1.0.3
invision_power_services:invision_power_board	invision power services invision power board	eq	1.1.1
invision_power_services:invision_power_board	invision power services invision power board	eq	1.1.2
invision_power_services:invision_power_board	invision power services invision power board	eq	1.2
invision_power_services:invision_power_board	invision power services invision power board	eq	1.3
invision_power_services:invision_power_board	invision power services invision power board	eq	1.3.1_final
invision_power_services:invision_power_board	invision power services invision power board	eq	1.3_final

Rows per page:

1-10 of 361

References

forums.invisionpower.com/index.php?showtopic=227937

secunia.com/advisories/22272

www.securityfocus.com/archive/1/447710/100/0/threaded

www.vupen.com/english/advisories/2006/3927

exchange.xforce.ibmcloud.com/vulnerabilities/29351

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

6.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.9%

JSON

Related for CVE-2006-5204

cvelist1 nvd1