CVE-2006-1326

EPSS 2.4%

Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board 2.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) result_type, (2) search_in, (3) nav, (4) forums, and (5) s parameters in the Search action to index.php; (6) st parameter to index.php with showtopics set to 1; (7) m, (8) y, and (9) d parameters in a calendar action; (10) t parameter in a Print action; (11) MID parameter in a Mail action; (12) HID parameter in a Help action; (13) active parameter in a search action; (14) sort_order, (15) max_results, or (16) sort_key parameter in a Members action.

Affected products

n/a · n/a

public PoCs found — 7

exploitdbwww.exploit-db.com/exploits/27437unverified exploitdbwww.exploit-db.com/exploits/27438unverified exploitdbwww.exploit-db.com/exploits/27441unverified exploitdbwww.exploit-db.com/exploits/27440unverified exploitdbwww.exploit-db.com/exploits/27439unverified exploitdbwww.exploit-db.com/exploits/27436unverified exploitdbwww.exploit-db.com/exploits/27442unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://www.osvdb.org/25009 http://www.osvdb.org/25010 http://www.osvdb.org/25011 http://www.osvdb.org/25012 http://www.osvdb.org/25013 http://www.osvdb.org/25014 http://www.osvdb.org/25015 http://www.securityfocus.com/archive/1/428015/100/0/threaded http://www.securityfocus.com/bid/17144