Filtered by vendor Invisioncommunity
Subscriptions
Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-8897 | 1 Invisioncommunity | 1 Invision Power Board | 2024-11-21 | N/A |
| Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. This UTF8 Converter vulnerability can easily be used to make a malicious announcement affecting any Invision Power Board user who views the announcement. | ||||
| CVE-2016-2564 | 1 Invisioncommunity | 1 Invision Power Board | 2024-11-21 | N/A |
| Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag. Attackers can guess an Invision Power Board session cookie if they can predict the exact time of cookie generation. | ||||
| CVE-2014-4928 | 1 Invisioncommunity | 1 Invision Power Board | 2024-11-21 | N/A |
| SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter. | ||||
| CVE-2013-3725 | 1 Invisioncommunity | 1 Invision Power Board | 2024-11-21 | 9.8 Critical |
| Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution. | ||||
| CVE-2012-2226 | 1 Invisioncommunity | 1 Invision Power Board | 2024-11-21 | 9.8 Critical |
| Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file. | ||||
| CVE-2009-5159 | 2 Invisioncommunity, Microsoft | 2 Invision Power Board, Internet Explorer | 2024-11-21 | 6.1 Medium |
| Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment. | ||||