CVE-2006-5204

2006-10-0919:00:00

mitre

www.cve.org

AI Score

6.1

Confidence

High

EPSS

0.004

Percentile

74.1%

JSON

Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin.

References

forums.invisionpower.com/index.php?showtopic=227937

secunia.com/advisories/22272

www.securityfocus.com/archive/1/447710/100/0/threaded

www.vupen.com/english/advisories/2006/3927

exchange.xforce.ibmcloud.com/vulnerabilities/29351