Vulnerabilities (CVE)

Filtered by vendor Invisionpower Subscribe
Filtered by product Invision Power Board
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-6810 1 Invisionpower 1 Invision Power Board 2024-02-28 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/.
CVE-2014-9239 2 Invisioncommunity, Invisionpower 2 Invision Power Board, Invision Power Board 2024-02-28 7.5 HIGH N/A
SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter.
CVE-2012-5692 2 Invisioncommunity, Invisionpower 2 Invision Power Board, Invision Power Board 2024-02-28 10.0 HIGH N/A
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.
CVE-2006-0633 1 Invisionpower 1 Invision Power Board 2024-02-28 6.4 MEDIUM N/A
The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests.