Filtered by vendor Invisioncommunity
Subscribe
Total
26 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-5692 | 2 Invisioncommunity, Invisionpower | 2 Invision Power Board, Invision Power Board | 2024-11-21 | 10.0 HIGH | N/A |
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors. | |||||
CVE-2012-2226 | 1 Invisioncommunity | 1 Invision Power Board | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file. | |||||
CVE-2010-3424 | 1 Invisioncommunity | 1 Invision Power Board | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in admin/sources/classes/bbcode/custom/defaults.php in Invision Power Board (IP.Board) 3.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-5159 | 2 Invisioncommunity, Microsoft | 2 Invision Power Board, Internet Explorer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment. | |||||
CVE-2009-3974 | 1 Invisioncommunity | 1 Invision Power Board | 2024-11-21 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Invision Power Board (IPB or IP.Board) 3.0.0, 3.0.1, and 3.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) search_term parameter to admin/applications/core/modules_public/search/search.php and (2) aid parameter to admin/applications/core/modules_public/global/lostpass.php. NOTE: on 20090818, the vendor patched 3.0.2 without changing the version number. | |||||
CVE-2005-1947 | 1 Invisioncommunity | 1 Gallery | 2024-11-20 | 5.0 MEDIUM | 4.3 MEDIUM |
Cross-site request forgery (CSRF) vulnerability in Invision Gallery before 1.3.1 allows remote attackers to delete albums and images as another user via a link or IMG tag to the (1) albums or (2) delimg actions. |