Lucene search
Invision Power ServicesInvision Power Board2.1.x
2 matches found
CVE-2008-6565
Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an IFRAME tag in the signature.
4.3CVSS5.9AI score0.00147EPSS
CVE-2006-2060
Directory traversal vulnerability in action_admin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. (dot dot) in the name parameter, preceded by enough backspace (%0...
6.4CVSS6.8AI score0.02256EPSS