IP.Board
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-4928 | Hig | 0.57 | 8.8 | 0.01 | Mar 20, 2018 | SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter. | ||
| CVE-2014-5106 | 0.00 | — | 0.01 | Jul 28, 2014 | Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.4.x through 3.4.6 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to admin/install/index.php. | |||
| CVE-2014-3149 | 0.00 | — | 0.02 | Jul 3, 2014 | Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x through 3.4.6, as downloaded before 20140424, or IP.Nexus 1.5.x through 1.5.9, as downloaded before 20140424, allows remote attackers to inject arbitrary web script or… | |||
| CVE-2010-3424 | 0.00 | — | 0.01 | Sep 16, 2010 | Cross-site scripting (XSS) vulnerability in admin/sources/classes/bbcode/custom/defaults.php in Invision Power Board (IP.Board) 3.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2008-4171 | 0.00 | — | 0.01 | Sep 22, 2008 | SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute arbitrary SQL commands via the name parameter. | |||
| CVE-2008-1359 | 0.00 | — | 0.01 | Mar 17, 2008 | Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 before 2008-03-13 allows remote attackers to inject arbitrary web script or HTML via nested BBCodes, a different vector than CVE-2008-0913. | |||
| CVE-2008-0913 | 0.00 | — | 0.01 | Feb 22, 2008 | Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via crafted BBCodes in an unspecified context. | |||
| CVE-2007-4912 | 0.00 | — | 0.01 | Sep 17, 2007 | Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other… | |||
| CVE-2007-4913 | 0.00 | — | 0.01 | Sep 17, 2007 | ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are… | |||
| CVE-2007-4914 | 0.00 | — | 0.01 | Sep 17, 2007 | Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1)… | |||
| CVE-2007-2963 | 0.00 | — | 0.02 | May 31, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4)… |
- risk 0.57cvss 8.8epss 0.01
SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter.
- CVE-2014-5106Jul 28, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.4.x through 3.4.6 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to admin/install/index.php.
- CVE-2014-3149Jul 3, 2014risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x through 3.4.6, as downloaded before 20140424, or IP.Nexus 1.5.x through 1.5.9, as downloaded before 20140424, allows remote attackers to inject arbitrary web script or…
- CVE-2010-3424Sep 16, 2010risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in admin/sources/classes/bbcode/custom/defaults.php in Invision Power Board (IP.Board) 3.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2008-4171Sep 22, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute arbitrary SQL commands via the name parameter.
- CVE-2008-1359Mar 17, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 before 2008-03-13 allows remote attackers to inject arbitrary web script or HTML via nested BBCodes, a different vector than CVE-2008-0913.
- CVE-2008-0913Feb 22, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via crafted BBCodes in an unspecified context.
- CVE-2007-4912Sep 17, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other…
- CVE-2007-4913Sep 17, 2007risk 0.00cvss —epss 0.01
ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are…
- CVE-2007-4914Sep 17, 2007risk 0.00cvss —epss 0.01
Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1)…
- CVE-2007-2963May 31, 2007risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4)…