Vulnerabilities > CVE-2006-3197 - HTML Injection vulnerability in Invision Power Board

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

invision-power-services

NVD

Published: 2006-06-23

Updated: 2017-07-20

Summary

Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a POST that contains hexadecimal-encoded HTML.

Vulnerable Configurations

Part	Description	Count
Application	Invision_Power_Services Invision Power Services Invision Power Board 2.1 Invision Power Services Invision Power Board 2.1.0 Invision Power Services Invision Power Board 2.1.1 Invision Power Services Invision Power Board 2.1.2 Invision Power Services Invision Power Board 2.1.3 Invision Power Services Invision Power Board 2.1.4 Invision Power Services Invision Power Board 2.1.5 Invision Power Services Invision Power Board 2.1.6 Invision Power Services Invision Power Board 2.1_Alpha2 Invision Power Services Invision Power Board 2.1_Beta2 Invision Power Services Invision Power Board 2.1_Beta3 Invision Power Services Invision Power Board 2.1_Beta4 Invision Power Services Invision Power Board 2.1_Beta5 Invision Power Services Invision Power Board 2.1_Rc1	14

Summary

Vulnerable Configurations

References