Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and previous versions allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
invision power services invision power board 2.0 pf1 |
||
invision power services invision power board 2.1 beta2 |
||
invision power services invision power board 1.0 |
||
invision power services invision power board 1.1.2 |
||
invision power services invision power board 2.0.4 |
||
invision power services invision power board 2.1 rc1 |
||
invision power services invision power board 2.1.1 |
||
invision power services invision power board |
||
invision power services invision power board 2.1.6 |
||
invision power services invision power board 2.1 alpha2 |
||
invision power services invision power board 2.0 alpha3 |
||
invision power services invision power board 1.1.1 |
||
invision power services invision power board 2.1.5 2006-03-08 |
||
invision power services invision power board 2.1.2 |
||
invision power services invision power board 2.1.3 |
||
invision power services invision power board 1.0.3 |
||
invision power services invision power board 2.0 pdr3 |
||
invision power services invision power board 2.0 |
||
invision power services invision power board 2.1 beta5 |
||
invision power services invision power board 1.3 final |
||
invision power services invision power board 2.1.0 |
||
invision power services invision power board 1.2 |
||
invision power services invision power board 2.1.5 |
||
invision power services invision power board 2.0.0 |
||
invision power services invision power board 1.0.1 |
||
invision power services invision power board 2.0.3 |
||
invision power services invision power board 2.1 beta4 |
||
invision power services invision power board 2.1 |
||
invision power services invision power board 2.1 beta3 |
||
invision power services invision power board 2.1.4 |
||
invision power services invision power board 1.3.1 final |
||
invision power services invision power board 2.0 pf2 |
||
invision power services invision power board 2.0.2 |
||
invision power services invision power board 2.0.1 |
||
invision power services invision power board 1.3 |
||
invision power services invision power board 2.0.x |