Vulnerabilities > CVE-2006-7064 - Cross-Site Scripting vulnerability in Invision Power Board
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter. Given complete CIA triad impact because remote attackers can inject arbitrary web script or HTML as the administrator.