Vulnerabilities > Invision Power Services > Invision Power Board > 2.0.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-16 | CVE-2005-1598 | SQL Injection vulnerability in Invision Power Board Login.PHP SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable. | 7.5 |
2005-05-16 | CVE-2005-1597 | Cross-Site Scripting vulnerability in Invision Power Board Topics.PHP Highlite Parameter Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter. network invision-power-services | 4.3 |
2005-05-03 | CVE-2005-1443 | Cross-Site Scripting vulnerability in Invision Power Board Multiple cross-site scripting (XSS) vulnerabilities in index.php for Invision Power Board (IPB) 2.0.3 and 2.1 Alpha 2 allows remote attackers to inject arbitrary web script or HTML via the (1) act, (2) Members, (3) calendar, or (4) HID parameters. network invision-power-services | 6.8 |