Vulnerabilities > Invision Power Services > Invision Power Board > 2.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-03-02 | CVE-2010-0802 | SQL Injection vulnerability in Aleinbeen (Nv2) Awards 1.1.0 SQL injection vulnerability in index.php in (nv2) Awards 1.1.0, a modification for Invision Power Board, allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action. | 7.5 |
2009-03-31 | CVE-2008-6565 | Cross-Site Scripting vulnerability in Invision Power Services Invision Power Board Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an IFRAME tag in the signature. | 4.3 |
2008-09-22 | CVE-2008-4171 | SQL Injection vulnerability in Invision Power Services Invision Power Board 2.2/2.3 SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute arbitrary SQL commands via the name parameter. | 7.5 |