Vulnerabilities > CVE-2006-7064 - Cross-Site Scripting vulnerability in Invision Power Board

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
invision-power-services
critical

Summary

Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter. Given complete CIA triad impact because remote attackers can inject arbitrary web script or HTML as the administrator.

Vulnerable Configurations

Part Description Count
Application
Invision_Power_Services
36