Filtered by vendor Invisioncommunity
Subscribe
Total
25 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-9239 | 2 Invisioncommunity, Invisionpower | 2 Invision Power Board, Invision Power Board | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter. | |||||
CVE-2014-5106 | 1 Invisioncommunity | 1 Invision Power Board | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.4.x through 3.4.6 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to admin/install/index.php. | |||||
CVE-2012-5692 | 2 Invisioncommunity, Invisionpower | 2 Invision Power Board, Invision Power Board | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors. | |||||
CVE-2010-3424 | 1 Invisioncommunity | 1 Invision Power Board | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in admin/sources/classes/bbcode/custom/defaults.php in Invision Power Board (IP.Board) 3.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-3974 | 1 Invisioncommunity | 1 Invision Power Board | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Invision Power Board (IPB or IP.Board) 3.0.0, 3.0.1, and 3.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) search_term parameter to admin/applications/core/modules_public/search/search.php and (2) aid parameter to admin/applications/core/modules_public/global/lostpass.php. NOTE: on 20090818, the vendor patched 3.0.2 without changing the version number. |