CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2006-0633
https://notcve.org/view.php?id=CVE-2006-0633
The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests. • http://forums.invisionpower.com/lofiversion/index.php/t200085.html http://www.r-security.net/tutorials/view/readtutorial.php?id=4 • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 1CVE-2005-1443
https://notcve.org/view.php?id=CVE-2005-1443
Multiple cross-site scripting (XSS) vulnerabilities in index.php for Invision Power Board (IPB) 2.0.3 and 2.1 Alpha 2 allows remote attackers to inject arbitrary web script or HTML via the (1) act, (2) Members, (3) calendar, or (4) HID parameters. • http://securitytracker.com/id?1013863 •