Vulnerabilities > Invision Power Services > Invision Community Blog > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2006-05-09	CVE-2006-2251	SQL Injection vulnerability in Invision Community Blog Mod.PHP SQL injection vulnerability in the do_mmod function in mod.php in Invision Community Blog (ICB) 1.1.2 final through 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL commands via the selectedbids parameter. network low complexity invision-power-services	6.4
2005-06-09	CVE-2005-1945	Cross-Site Scripting vulnerability in Invision Community Blog 1.0/1.1 Cross-site scripting (XSS) vulnerability in the convert_highlite_words function in Invision Blog before 1.1.2 Final allows remote attackers to inject arbitrary web script or HTML via double hex encoded highlight data. network invision-power-services	4.3

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.