Vulnerabilities > CVE-2006-1369 - Cross-Site Scripting vulnerability in Invision Power Services Invision Power Board 2.1/2.1.5/2.1Alpha2
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL network
invision-power-services
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.5 and earlier before 20060308 allows remote attackers to inject arbitrary web script or HTML via a Private Message (PM) in certain circumstances. Update to version 2.1.5 (2006-03-08 or later).
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |