CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2007-4912
https://notcve.org/view.php?id=CVE-2007-4912
Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other than iso-8859-1 or utf-8. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en ips_kernel/class_ajax.php en Invision Power Board (IPB or IP.Board) 2.3.1 hasta la 20070912 permite a atacantes remotos inyectar secuencias de comandos web o HTML dentro de los campos de configuración de usuario a través de vectores no específicos relacionado con la asignación de caracteres diferentes de iso-8859-1 o utf-8. • http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870 http://forums.invisionpower.com/index.php?showtopic=237075 http://secunia.com/advisories/26788 http://www.securityfocus.com/bid/25656 https://exchange.xforce.ibmcloud.com/vulnerabilities/36589 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.0EPSS: 0%CPEs: 7EXPL: 0CVE-2007-4914
https://notcve.org/view.php?id=CVE-2007-4914
Unspecified vulnerability in the subscriptions manager in Invision Power Board (IPB or IP.Board) 2.3.1 before 20070912 allows remote authenticated users to change the member ID and reduce the privilege level of arbitrary users via a crafted payment form, related to (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, and (5) class_gw_safshop.php in sources/classes/paymentgateways/. Vulnerabilidad no especificada en la gestión de suscripciones en Invision Power Board (IPB o IP.Board) 2.3.1 anterior a 20070912 permite a usuarios remotos validados cambiar el ID de miembro y reducir el nivel de privilegio de usuarios de su elección a través de un formulario de pago manipulado, relacionado con (1) class_gw_2checkout.php, (2) class_gw_authorizenet.php, (3) class_gw_nochex.php, (4) class_gw_paypal.php, y (5) class_gw_safshop.php en sources/classes/paymentgateways/. • http://forums.invisionpower.com/index.php?act=attach&type=post&id=11870 http://forums.invisionpower.com/index.php?showtopic=237075 http://osvdb.org/41319 http://osvdb.org/41320 http://osvdb.org/41321 http://osvdb.org/41322 http://osvdb.org/41323 http://secunia.com/advisories/26788 http://www.securityfocus.com/bid/25656 https://exchange.xforce.ibmcloud.com/vulnerabilities/36590 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2007-2963
https://notcve.org/view.php?id=CVE-2007-2963
Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el Invision Power Board (IPB o IP.Board) 2.2.2 y, posiblemente, versiones anteriores, permiten a atacantes remotos la inyección de secuencias de comandos web o HTML de su elección a través de (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php o (6) el parámetro editorid en el module_table.php del jscripts/folder_rte_files/. NOTA: algunos de estos detalles se obtienen a partir de la información de terceros. • http://forums.invisionpower.com/index.php?showtopic=235069 http://osvdb.org/35430 http://osvdb.org/35431 http://osvdb.org/35432 http://osvdb.org/35433 http://osvdb.org/35434 http://osvdb.org/35435 http://secunia.com/advisories/25437 http://www.securityfocus.com/bid/24244 http://www.vupen.com/english/advisories/2007/1993 https://exchange.xforce.ibmcloud.com/vulnerabilities/34616 •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2007-2349
https://notcve.org/view.php?id=CVE-2007-2349
Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el Invision Power Board (IP.Board) 2.1.x y 2.2.x permite a atacantes remotos la inyección de secuencias de comandos web o HTML de su elección mediante la carga de imágenes o archivos PDF modificados. • http://forums.invisionpower.com/index.php?showtopic=234377 http://osvdb.org/35427 http://secunia.com/advisories/25021 http://www.vupen.com/english/advisories/2007/1558 https://exchange.xforce.ibmcloud.com/vulnerabilities/33942 •
CVSS: 9.3EPSS: 0%CPEs: 36EXPL: 0CVE-2006-7064
https://notcve.org/view.php?id=CVE-2006-7064
Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en forum/admin.php para Invision Power Board (IPB) 2.1.6 y anteriores permiten a atacantes remotos inyectar secuencias de comandos qeb o HTML como administrador a través del parámetro phpinfo. • http://archives.neohapsis.com/archives/bugtraq/2006-06/0204.html http://securityreason.com/securityalert/2307 http://www.securityfocus.com/bid/18450 https://exchange.xforce.ibmcloud.com/vulnerabilities/27069 •