Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Invisioncommunity Subscribe
Total 25 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-3974 1 Invisioncommunity 1 Invision Power Board 2020-06-03 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Invision Power Board (IPB or IP.Board) 3.0.0, 3.0.1, and 3.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) search_term parameter to admin/applications/core/modules_public/search/search.php and (2) aid parameter to admin/applications/core/modules_public/global/lostpass.php. NOTE: on 20090818, the vendor patched 3.0.2 without changing the version number.
CVE-2009-5159 2 Invisioncommunity, Microsoft 2 Invision Power Board, Internet Explorer 2020-03-18 4.3 MEDIUM 6.1 MEDIUM
Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment.
CVE-2013-3725 1 Invisioncommunity 1 Invision Power Board 2020-02-25 7.5 HIGH 9.8 CRITICAL
Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution.
CVE-2012-2226 1 Invisioncommunity 1 Invision Power Board 2020-01-14 7.5 HIGH 9.8 CRITICAL
Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file.
CVE-2019-8278 1 Invisioncommunity 1 Invision Power Board 2019-03-07 4.3 MEDIUM 6.1 MEDIUM
Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution.