CVSS: 6.1EPSS: 0%CPEs: 43EXPL: 1CVE-2008-6565 – Invision Power Board 2.x - 'Signature' iFrame Security
https://notcve.org/view.php?id=CVE-2008-6565
31 Mar 2009 — Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an IFRAME tag in the signature. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Invision Power Board v2.3.1 y anteriores, permite a atacantes remotos inyectar secuencias de comandos Web o HTML de su elección a través de una etiqueta IFRAME en la firma. • https://www.exploit-db.com/exploits/31541 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 36EXPL: 0CVE-2006-7064
https://notcve.org/view.php?id=CVE-2006-7064
24 Feb 2007 — Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en forum/admin.php para Invision Power Board (IPB) 2.1.6 y anteriores permiten a atacantes remotos inyectar secuencias de comandos qeb o HTML como administrador a través del parámetro phpinfo. • http://archives.neohapsis.com/archives/bugtraq/2006-06/0204.html •
CVSS: 6.8EPSS: 0%CPEs: 36EXPL: 0CVE-2006-5203
https://notcve.org/view.php?id=CVE-2006-5203
09 Oct 2006 — Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the "Manage Forums" link in the Admin control panel. Invision Power Board (IPB) 2.1.7 y anteriores permite a un administrador remoto restringido inyectar secuencias de comandos web o HTML de su elección, o ejecutar comandos SQL de su elección, ... • http://www.securityfocus.com/archive/1/447710/100/0/threaded •
CVSS: 5.4EPSS: 0%CPEs: 36EXPL: 0CVE-2006-5204
https://notcve.org/view.php?id=CVE-2006-5204
09 Oct 2006 — Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en action_admin/member.php en Invision Power Board (IPB) 2.1.7 y anteriores permite a un usu... • http://forums.invisionpower.com/index.php?showtopic=227937 •
CVSS: 9.8EPSS: 0%CPEs: 23EXPL: 2CVE-2006-3543 – Invision Power Board (IP.Board) 1.x/2.x - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2006-3543
13 Jul 2006 — Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action in index.php; the id parameter in a (3) Attach and (4) ref action in index.php; the CODE parameter in a (5) Profile, (6) Login, and (7) Help action in index.php; and the (8) member_id parameter in coins_list.php. NOTE: the developer has disputed this issue, stating that the "CODE attribute is never present in an... • https://www.exploit-db.com/exploits/28167 •
CVSS: 9.8EPSS: 0%CPEs: 26EXPL: 2CVE-2006-2097 – Invision Power Board 2.1.5 - 'from_contact' SQL Injection
https://notcve.org/view.php?id=CVE-2006-2097
29 Apr 2006 — SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM). • https://www.exploit-db.com/exploits/1733 •
CVSS: 4.6EPSS: 0%CPEs: 17EXPL: 1CVE-2005-1816
https://notcve.org/view.php?id=CVE-2005-1816
01 Jun 2005 — Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to add themselves or other users to the root admin group via the "Move users in this group to" screen. • http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0635.html •
CVSS: 9.1EPSS: 3%CPEs: 7EXPL: 2CVE-2005-1817 – Invision Power Board 1.x - Unauthorized Access
https://notcve.org/view.php?id=CVE-2005-1817
01 Jun 2005 — Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to edit arbitrary forum posts via a direct request to index.php with modified parameters. • https://www.exploit-db.com/exploits/25741 •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 1CVE-2005-1597 – Invision Power Board (IP.Board) < 2.0.3 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2005-1597
16 May 2005 — Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter. • https://www.exploit-db.com/exploits/43824 •
CVSS: 9.8EPSS: 7%CPEs: 9EXPL: 4CVE-2005-1598 – Invision Power Board 2.0.3 - 'login.php' SQL Injection
https://notcve.org/view.php?id=CVE-2005-1598
16 May 2005 — SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable. • https://www.exploit-db.com/exploits/1013 •