Vulnerabilities > Invision Power Services > Invision Power Board > 2.0.3

DATE CVE VULNERABILITY TITLE RISK
2005-05-16 CVE-2005-1598 SQL Injection vulnerability in Invision Power Board Login.PHP
SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable.
network
low complexity
invision-power-services
7.5
7.5
2005-05-16 CVE-2005-1597 Cross-Site Scripting vulnerability in Invision Power Board Topics.PHP Highlite Parameter
Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter. 		4.3
4.3
2005-05-03 CVE-2005-1443 Cross-Site Scripting vulnerability in Invision Power Board
Multiple cross-site scripting (XSS) vulnerabilities in index.php for Invision Power Board (IPB) 2.0.3 and 2.1 Alpha 2 allows remote attackers to inject arbitrary web script or HTML via the (1) act, (2) Members, (3) calendar, or (4) HID parameters. 		6.8
6.8