CVE-2006-1326

Name of the Vulnerable Software and Affected Versions Invision Power Board version 2.0.4

Description The issue allows remote attackers to inject arbitrary web script or HTML via various parameters in different actions, including the result type, search in, nav, forums, s, st, m, y, d, t, MID, HID, active, sort order, max results, and sort key parameters in actions such as Search, index.php, calendar, Print, Mail, Help, and Members.

Recommendations For Invision Power Board version 2.0.4, consider disabling the vulnerable parameters, such as result type, search in, nav, forums, s, st, m, y, d, t, MID, HID, active, sort order, max results, and sort key, in their respective actions until a patch is available. Restrict access to the affected actions, including Search, index.php, calendar, Print, Mail, Help, and Members, to minimize the risk of exploitation. Avoid using these parameters in the affected actions until the issue is resolved.