Vulnerabilities > Invision Power Services > Invision Power Board > 2.3

DATE	CVE	VULNERABILITY TITLE	RISK
2010-03-02	CVE-2010-0802	SQL Injection vulnerability in Aleinbeen (Nv2) Awards 1.1.0 SQL injection vulnerability in index.php in (nv2) Awards 1.1.0, a modification for Invision Power Board, allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action. network low complexity aleinbeen invision-power-services CWE-89	7.5
2009-03-31	CVE-2008-6565	Cross-Site Scripting vulnerability in Invision Power Services Invision Power Board Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an IFRAME tag in the signature. network invision-power-services CWE-79	4.3
2008-09-22	CVE-2008-4171	SQL Injection vulnerability in Invision Power Services Invision Power Board 2.2/2.3 SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute arbitrary SQL commands via the name parameter. network low complexity invision-power-services CWE-89	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.