NVD

Id
63810  
Name
CVE-2006-5204  
Description
Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin.  
Reject
 
CVSS Version
2  
CVSS Score
2.1  
Severity
Low  
CVSS Base Score
2.1  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
3.9  
CVSS Vector
(AV:N/AC:H/Au:S/C:N/I:P/A:N)  
Pub Date
2016-12-20  
Published
2006-10-10  
Modified Date
2011-03-07  
Seq
2006-5204  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
332587 63810 CVE-2006-5204 http://forums.invisionpower.com/index.php?showtopic=227937  View
332588 63810 CVE-2006-5204 20061004 Invision Power Board Multiple Vulnerabilities  View
332589 63810 CVE-2006-5204 ADV-2006-3927  View
332590 63810 CVE-2006-5204 ipb-avatar-image-xss(29351)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
59970 JVNDB-2006-002236 IPB の action_admin/member.php におけるクロスサイトスクリプティングの脆弱性 Invision Power Board (IPB) の action_admin/member.php には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2006-5204 21306 CVE-2006-5204 63810 2.1 http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-002236.html 2006-10-05 2012-09-25 View