cvebase

Invision Power Services Invision Power Board vulnerabilities

39 known vulnerabilities affecting invision_power_services/invision_power_board.

Total CVEs: 39
CISA KEV: 0
Public exploits: 14
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 11, MEDIUM 25, LOW 2

Vulnerabilities

Page 2 of 2
CVE-2007-3219 | P4 | HIGH | CVSS 7.8 | v2.2, v2.2.1 +1 more | 2007-06-14
Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user's profile data, such as an AIM screen name or Yahoo! identity.
Source: nvd
CVE-2006-2060 | P4 | MEDIUM | CVSS 6.4 | v2.0.x, v2.1.x | 2006-04-26
Directory traversal vulnerability in action_admin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. (dot dot) in the name parameter, preceded by enough backspace (%08) characters to erase the initial static portion of a filenam
Source: nvd
CVE-2007-4914 | P4 | MEDIUM | CVSS 6.0 | CWE-20 | ≤ 2.3.1, v2.1.5_2006-03-08 +5 more | 2007-09-17
Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4)
Source: nvd
CVE-2006-2204 | P4 | MEDIUM | CVSS 5.5 | v2.0.0, v2.0.1 +17 more | 2006-05-05
SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check when the $id variable is an array.
Source: nvd
CVE-2006-0910 | P4 | MEDIUM | CVSS 5.0 | v2.0.0, v2.0.1 +13 more | 2006-02-28
Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to list directory contents via a direct request to multiple directories, including (1) sources/loginauth/convert/, (2) sources/portal_plugins/, (3) cache/skin_cache/cacheid_2/, (4) ips_kernel/PEAR/, (5) ips_kernel/PEAR/Text/, (6) ips_kernel/PEAR/Text/Diff/, (7) ips_kernel/PEAR/Text/Diff/Rende
Source: nvd
CVE-2006-5203 | P4 | MEDIUM | CVSS 5.1 | ≤ 2.1.7, v1.0 +34 more | 2006-10-10
Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the "Manage Forums" link in the Admin control panel.
Source: nvd
CVE-2006-1267 | P4 | MEDIUM | CVSS 5.1 | v2.1.4 | 2006-03-19
Invision Power Board 2.1.4 allows remote attackers to hijack sessions and possibly gain administrative privileges by obtaining the session ID from the s parameter, then replaying it in another request.
Source: nvd
CVE-2006-0909 | P4 | MEDIUM | CVSS 5.0 | v2.0.0, v2.0.1 +13 more | 2006-02-28
Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to view sensitive information via a direct request to multiple PHP scripts that include the full path in error messages, including (1) PEAR/Text/Diff/Renderer/inline.php, (2) PEAR/Text/Diff/Renderer/unified.php, (3) PEAR/Text/Diff3.php, (4) class_db.php, (5) class_db_mysql.php, and (6) class
Source: nvd
CVE-2007-2349 | P4 | MEDIUM | CVSS 5.8 | v2.1, v2.2 | 2007-04-30
Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files.
Source: nvd
CVE-2006-1369 | P4 | MEDIUM | CVSS 6.8 | v2.1, v2.1.5 +1 more | 2006-03-23
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.5 and earlier before 20060308 allows remote attackers to inject arbitrary web script or HTML via a Private Message (PM) in certain circumstances.
Source: nvd
CVE-2006-3197 | P4 | MEDIUM | CVSS 4.3 | v2.1, v2.1.0 +12 more | 2006-06-23
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a POST that contains hexadecimal-encoded HTML.
Source: nvd
CVE-2007-2963 | P4 | MEDIUM | CVSS 4.3 | ≤ 2.2.2 | 2007-05-31
Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscr
Source: nvd
CVE-2008-1359 | P4 | MEDIUM | CVSS 4.3 | ≤ 2.3.4 | 2008-03-17
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 before 2008-03-13 allows remote attackers to inject arbitrary web script or HTML via nested BBCodes, a different vector than CVE-2008-0913.
Source: nvd
CVE-2004-1578 | P4 | MEDIUM | CVSS 4.3 | v2.0.0 | 2004-12-31
Cross-site scripting (XSS) vulnerability in index.php in Invision Power Board 2.0.0 allows remote attackers to execute arbitrary web script or HTML via the Referer field in the HTTP header.
Source: nvd
CVE-2007-4912 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v2.1.5_2006-03-08, v2.1.5_2006-04-25 +4 more | 2007-09-17
Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other than iso-8859-1 or utf-8.
Source: nvd
CVE-2008-0913 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v2.3.4 | 2008-02-22
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via crafted BBCodes in an unspecified context.
Source: nvd
CVE-2004-2279 | P4 | MEDIUM | CVSS 4.3 | v1.3_final | 2004-12-31
Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 Final allows remote attackers to execute arbitrary script as other users via the pop parameter in a chat action to index.php.
Source: nvd
CVE-2006-1287 | P4 | MEDIUM | CVSS 5.8 | v2.0.4, v2.1.4 | 2006-03-19
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060130 allows remote attackers to steal cookies and probably conduct other activities when the victim is using Internet Explorer.
Source: nvd
CVE-2006-5204 | P4 | LOW | CVSS 2.1 | ≤ 2.1.7, v1.0 +34 more | 2006-10-10
Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin.
Source: nvd