Vulnerabilities > Invision Power Services > Invision Power Board > 2.0.alpha3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-03-31 | CVE-2008-6565 | Cross-Site Scripting vulnerability in Invision Power Services Invision Power Board Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an IFRAME tag in the signature. | 4.3 |
| 2007-02-24 | CVE-2006-7064 | Cross-Site Scripting vulnerability in Invision Power Board Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter. | 9.3 |
| 2006-10-10 | CVE-2006-5204 | Cross-Site Scripting vulnerability in Invision Power Board Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin. | 2.1 |
| 2006-10-10 | CVE-2006-5203 | Cross-Site Scripting vulnerability in Invision Power Board Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the "Manage Forums" link in the Admin control panel. | 5.1 |