Code injection

Unspecified vulnerability in sources/actionpublic/xmlout.php in Invision Power Board IPB or IP.Board 2.2.0 through 2.2.2 allows remote attackers to modify another user's profile data, such as an AIM screen name or Yahoo! identity...