Invisioncommunity Invision Power Board — known CVE vulnerabilities
Every CVE whose affected-product data names Invisioncommunity Invision Power Board, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2012-5692 — CVSS 10.0 (critical): Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown…
CVE-2017-8898 — CVSS 9.8 (critical): Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from…
CVE-2012-2226 — CVSS 9.8 (critical): Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information…
CVE-2014-4928 — CVSS 8.8 (high): SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL…
CVE-2017-8899 — CVSS 8.1 (high): Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the…
CVE-2016-6174 — CVSS 8.1 (high): applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power…
CVE-2015-6812 — CVSS 7.8 (high): Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.0.12.1 allows remote attackers to…
CVE-2009-3974 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in Invision Power Board (IPB or IP.Board) 3.0.0, 3.0.1, and 3.0.2 allow remote attackers to execute…
CVE-2014-9239 — CVSS 7.5 (high): SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board)…
CVE-2021-39249 — CVSS 6.1 (medium): Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become…
CVE-2017-8897 — CVSS 6.1 (medium): Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18…
CVE-2009-5159 — CVSS 6.1 (medium): Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment.
CVE-2016-2564 — CVSS 5.9 (medium): Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the…
CVE-2021-39250 — CVSS 5.4 (medium): Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution, because an…
CVE-2010-3424 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in admin/sources/classes/bbcode/custom/defaults.php in Invision Power Board (IP.Board) 3.1.2…
CVE-2014-3149 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x through 3.4.6, as downloaded…
CVE-2014-5106 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.4.x through 3.4.6 allows remote attackers to…