Invision Power Board@* Security Vulnerabilities and Issues — Invision Power Board@* CVE List

Lucene search

Invision Power ServicesInvision Power Board*

10 matches found

CVE•added 2007/10/29 7:46 p.m.•50 views

CVE-2007-5688

Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters.

7.5CVSS8.6AI score0.0037EPSS

CVE•added 2006/04/29 10:2 a.m.•40 views

CVE-2006-2097

SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM).

7.5CVSS8.3AI score0.00698EPSS

CVE•added 2007/05/31 11:30 p.m.•40 views

CVE-2007-2963

Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link....

4.3CVSS6AI score0.00863EPSS

CVE•added 2008/03/17 5:44 p.m.•35 views

CVE-2008-1359

Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 before 2008-03-13 allows remote attackers to inject arbitrary web script or HTML via nested BBCodes, a different vector than CVE-2008-0913.

4.3CVSS5.7AI score0.00245EPSS

CVE•added 2009/03/31 5:30 p.m.•33 views

CVE-2008-6565

Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an IFRAME tag in the signature.

4.3CVSS5.9AI score0.00147EPSS

CVE•added 2006/10/10 4:6 a.m.•31 views

CVE-2006-5203

Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the "Manage Forums" link in the...

5.1CVSS7.9AI score0.00306EPSS

CVE•added 2006/10/10 4:6 a.m.•30 views

CVE-2006-5204

Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CS...

2.1CVSS6.3AI score0.00479EPSS

CVE•added 2007/09/17 5:17 p.m.•29 views

CVE-2007-4913

ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are limited usage scenarios un...

7.5CVSS6.8AI score0.0042EPSS

CVE•added 2006/08/16 10:4 p.m.•28 views

CVE-2006-4155

Unspecified vulnerability in func_topic_threaded.php (aka threaded view mode) in Invision Power Board (IPB) before 2.1.7 21013.60810.s allows remote attackers to "access posts outside the topic."

7.5CVSS7AI score0.00537EPSS

CVE•added 2007/09/17 5:17 p.m.•25 views

CVE-2007-4914

Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) c...

6CVSS6.4AI score0.00973EPSS