CVE-2006-5204

Name of the Vulnerable Software and Affected Versions Invision Power Board (IPB) versions 2.1.7 and earlier

Description The issue is related to a cross-site scripting (XSS) vulnerability that allows remote authenticated users to inject arbitrary web script or HTML. This can be achieved by referencing a script in the avatar setting. The vulnerability can be leveraged for a cross-site request forgery (CSRF) attack, which may involve forced SQL execution by an admin.

Recommendations For Invision Power Board (IPB) versions 2.1.7 and earlier, update to a version later than 2.1.7 to resolve the issue. As a temporary workaround, consider restricting access to the avatar setting to minimize the risk of exploitation.