Invisioncommunity Invision_power_board
11 CVEs affecting Invisioncommunity Invision_power_board. Latest disclosed: 2017-05-11. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-8898 | Critical | 9.8 | 2017-05-11 | Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Bo… |
CVE-2017-8899 | High | 8.1 | 2017-05-11 | Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature f… |
CVE-2016-6174 | High | 8.1 | 2016-07-12 | applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13… |
CVE-2017-8897 | Medium | 6.1 | 2017-05-11 | Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?co… |
CVE-2016-2564 | Medium | 5.9 | 2017-04-23 | Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag. Att… |
CVE-2015-6812 | | 2015-09-04 | Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.0.12.1 allows remote attackers to cause a denial of servic… | |
CVE-2014-9239 | | 2014-12-03 | SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x thro… | |
CVE-2014-5106 | | 2014-07-28 | Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.4.x through 3.4.6 allows remote attackers to inject arbitrary we… | |
CVE-2014-3149 | | 2014-07-03 | Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x through 3.4.6, as downloaded before 20140424, or I… | |
CVE-2012-5692 | | 2012-10-31 | Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack… | |
CVE-2010-3424 | | 2010-09-16 | Cross-site scripting (XSS) vulnerability in admin/sources/classes/bbcode/custom/defaults.php in Invision Power Board (IP.Board) 3.1.2 allows remote attackers t… |