Vulnerabilities > Invision Power Services > Invision Power Board > Low

DATE	CVE	VULNERABILITY TITLE	RISK
2006-10-10	CVE-2006-5204	Cross-Site Scripting vulnerability in Invision Power Board Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin. network high complexity invision-power-services	2.1
2006-02-25	CVE-2006-0888	Denial of Service vulnerability in Invision Power Services Invision Power Board 2.0.1 index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation disabled, allows remote attackers to cause an unspecified denial of service by registering a large number of users. network high complexity invision-power-services	2.6

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.