Vulnerabilities > CVE-2006-1326 - Cross-Site Scripting vulnerability in Invision Power Services Invision Power Board 2.0.4
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board 2.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) result_type, (2) search_in, (3) nav, (4) forums, and (5) s parameters in the Search action to index.php; (6) st parameter to index.php with showtopics set to 1; (7) m, (8) y, and (9) d parameters in a calendar action; (10) t parameter in a Print action; (11) MID parameter in a Mail action; (12) HID parameter in a Help action; (13) active parameter in a search action; (14) sort_order, (15) max_results, or (16) sort_key parameter in a Members action.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description Invision Power Services Invision Board 2.0.4 index.php st Parameter XSS. CVE-2006-1326. Webapps exploit for php platform id EDB-ID:27437 last seen 2016-02-03 modified 2006-03-17 published 2006-03-17 reporter Mr.SNAKE source https://www.exploit-db.com/download/27437/ title Invision Power Services Invision Board 2.0.4 index.php st Parameter XSS description Invision Power Services Invision Board 2.0.4 Help Action HID Parameter XSS. CVE-2006-1326. Webapps exploit for php platform id EDB-ID:27441 last seen 2016-02-03 modified 2006-03-17 published 2006-03-17 reporter Mr.SNAKE source https://www.exploit-db.com/download/27441/ title Invision Power Services Invision Board 2.0.4 Help Action HID Parameter XSS description Invision Power Services Invision Board 2.0.4 Search Action Multiple Parameter XSS. CVE-2006-1326. Webapps exploit for php platform id EDB-ID:27436 last seen 2016-02-03 modified 2006-03-17 published 2006-03-17 reporter Mr.SNAKE source https://www.exploit-db.com/download/27436/ title Invision Power Services Invision Board 2.0.4 - Search Action Multiple Parameter XSS description Invision Power Services Invision Board 2.0.4 Print Action t Parameter XSS. CVE-2006-1326. Webapps exploit for php platform id EDB-ID:27439 last seen 2016-02-03 modified 2006-03-17 published 2006-03-17 reporter Mr.SNAKE source https://www.exploit-db.com/download/27439/ title Invision Power Services Invision Board 2.0.4 Print Action t Parameter XSS description Invision Power Services Invision Board 2.0.4 Mail Action MID Parameter XSS. CVE-2006-1326. Webapps exploit for php platform id EDB-ID:27440 last seen 2016-02-03 modified 2006-03-17 published 2006-03-17 reporter Mr.SNAKE source https://www.exploit-db.com/download/27440/ title Invision Power Services Invision Board 2.0.4 Mail Action MID Parameter XSS description Invision Power Services Invision Board 2.0.4 Calendar Action Multiple Parameter XSS. CVE-2006-1326. Webapps exploit for php platform id EDB-ID:27438 last seen 2016-02-03 modified 2006-03-17 published 2006-03-17 reporter Mr.SNAKE source https://www.exploit-db.com/download/27438/ title Invision Power Services Invision Board 2.0.4 Calendar Action Multiple Parameter XSS description Invision Power Services Invision Board 2.0.4 Members Action Multiple Parameter XSS. CVE-2006-1326. Webapps exploit for php platform id EDB-ID:27442 last seen 2016-02-03 modified 2006-03-17 published 2006-03-17 reporter Mr.SNAKE source https://www.exploit-db.com/download/27442/ title Invision Power Services Invision Board 2.0.4 Members Action Multiple Parameter XSS