Lucene search

[email protected]CVE-2006-7064

HistoryFeb 24, 2007 - 1:28 a.m.

CVE-2006-7064

2007-02-2401:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006

xss

web script injection

html injection

forum security

nvd

invision power board

5.9 Medium

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

72.4%

JSON

Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter.

CPENameOperatorVersion
invision_power_services:invision_power_boardinvision power services invision power boardeq2.0_pf1
invision_power_services:invision_power_boardinvision power services invision power boardeq2.1_beta2
invision_power_services:invision_power_boardinvision power services invision power boardeq1.0
invision_power_services:invision_power_boardinvision power services invision power boardeq1.1.2
invision_power_services:invision_power_boardinvision power services invision power boardeq2.0.4
invision_power_services:invision_power_boardinvision power services invision power boardeq2.1_rc1
invision_power_services:invision_power_boardinvision power services invision power boardeq2.1.1
invision_power_services:invision_power_boardinvision power services invision power boardeq2.1.6
invision_power_services:invision_power_boardinvision power services invision power boardeq2.1_alpha2
invision_power_services:invision_power_boardinvision power services invision power boardeq2.0_alpha3

CPE	Name	Operator	Version
invision_power_services:invision_power_board	invision power services invision power board	eq	2.0_pf1
invision_power_services:invision_power_board	invision power services invision power board	eq	2.1_beta2
invision_power_services:invision_power_board	invision power services invision power board	eq	1.0
invision_power_services:invision_power_board	invision power services invision power board	eq	1.1.2
invision_power_services:invision_power_board	invision power services invision power board	eq	2.0.4
invision_power_services:invision_power_board	invision power services invision power board	eq	2.1_rc1
invision_power_services:invision_power_board	invision power services invision power board	eq	2.1.1
invision_power_services:invision_power_board	invision power services invision power board	eq	2.1.6
invision_power_services:invision_power_board	invision power services invision power board	eq	2.1_alpha2
invision_power_services:invision_power_board	invision power services invision power board	eq	2.0_alpha3

Rows per page:

1-10 of 361

References

archives.neohapsis.com/archives/bugtraq/2006-06/0204.html

securityreason.com/securityalert/2307

www.securityfocus.com/bid/18450

exchange.xforce.ibmcloud.com/vulnerabilities/27069

5.9 Medium

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

72.4%

JSON

Related for CVE-2006-7064

cvelist1 securityvulns1