Invision Power Services Invision Power Board — known CVE vulnerabilities
Every CVE whose affected-product data names Invision Power Services Invision Power Board, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (40)
CVE-2006-7064 — CVSS 9.3 (critical): Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to…
CVE-2007-3219 — CVSS 7.8 (high): Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote…
CVE-2007-5688 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision…
CVE-2007-4913 — CVSS 7.5 (high): ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to upload arbitrary…
CVE-2005-1598 — CVSS 7.5 (high): SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a…
CVE-2006-7071 — CVSS 7.5 (high): SQL injection vulnerability in classes/class_session.php in Invision Power Board (IPB) 2.1 up to 2.1.6 allows remote attackers to execute…
CVE-2006-4155 — CVSS 7.5 (high): Unspecified vulnerability in func_topic_threaded.php (aka threaded view mode) in Invision Power Board (IPB) before 2.1.7 21013.60810.s…
CVE-2006-1076 — CVSS 7.5 (high): SQL injection vulnerability in index.php, possibly during a showtopic operation, in Invision Power Board (IPB) 2.1.5 allows remote…
CVE-2006-3543 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands…
CVE-2006-2217 — CVSS 7.5 (high): SQL injection vulnerability in index.php in Invision Power Board allows remote attackers to execute arbitrary SQL commands via the pid…
CVE-2006-2097 — CVSS 7.5 (high): SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands…
CVE-2006-1288 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute…
CVE-2008-4171 — CVSS 7.5 (high): SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute…
CVE-2003-1385 — CVSS 6.8 (medium): ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by…
CVE-2006-1369 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.5 and earlier before 20060308 allows remote attackers to inject…
CVE-2006-2060 — CVSS 6.4 (medium): Directory traversal vulnerability in action_admin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows…
CVE-2006-2498 — CVSS 6.4 (medium): Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the…
CVE-2007-4914 — CVSS 6.0 (medium): Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote…
CVE-2006-1287 — CVSS 5.8 (medium): Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060130 allows remote attackers to steal…
CVE-2007-2349 — CVSS 5.8 (medium): Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web…
CVE-2006-2204 — CVSS 5.5 (medium): SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5…
CVE-2006-1267 — CVSS 5.1 (medium): Invision Power Board 2.1.4 allows remote attackers to hijack sessions and possibly gain administrative privileges by obtaining the session…
CVE-2006-5203 — CVSS 5.1 (medium): Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute…
CVE-2006-2059 — CVSS 5.0 (medium): action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP…
CVE-2006-2061 — CVSS 5.0 (medium): SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote…
CVE-2006-0910 — CVSS 5.0 (medium): Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to list directory contents via a direct request to multiple…
CVE-2006-0909 — CVSS 5.0 (medium): Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to view sensitive information via a direct request to multiple PHP…
CVE-2008-6565 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script…
CVE-2008-1359 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 before 2008-03-13 allows remote attackers to…
CVE-2004-1578 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in index.php in Invision Power Board 2.0.0 allows remote attackers to execute arbitrary web script…
CVE-2006-3197 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web…
CVE-2007-2963 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote…
CVE-2005-1597 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows…
CVE-2007-4912 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows…
CVE-2005-0477 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary…
CVE-2006-1326 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board 2.0.4 allow remote attackers to inject arbitrary web script or…
CVE-2004-2279 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 Final allows remote attackers to execute arbitrary script as other…
CVE-2008-0913 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 allows remote attackers to inject arbitrary web…
CVE-2006-0888 — CVSS 2.6 (low): index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation disabled, allows remote attackers to cause an unspecified denial of…
CVE-2006-5204 — CVSS 2.1 (low): Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote…