InvisionpowerCVEs & Vulnerabilities

6 CVEs affecting Invisionpower products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

invision power board 23ip.nexus 10ibphotohost 1
CVE-2015-6810LOWpoc

Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/.

4 Sep 2015
3.5
CVSS
CVE-2014-9239HIGH

SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter.

3 Dec 2014
7.5
CVSS
CVE-2014-3149MEDIUM

Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x through 3.4.6, as downloaded before 20140424, or IP.Nexus 1.5.x through 1.5.9, as downloaded before 20140424, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

3 Jul 2014
4.3
CVSS
CVE-2012-5692CRITICALpoc

Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.

31 Oct 2012
10.0
CVSS
CVE-2010-3601HIGHpoc

SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows remote attackers to execute arbitrary SQL commands via the img parameter.

25 Sep 2010
7.5
CVSS
CVE-2006-0633MEDIUM

The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests.

10 Feb 2006
6.4
CVSS
← PrevPage 1 / 1Next →