Vulnerabilities > Invision Power Services > Invision Power Board > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-16 | CVE-2005-1597 | Cross-Site Scripting vulnerability in Invision Power Board Topics.PHP Highlite Parameter Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter. network invision-power-services | 4.3 |
| 2005-05-03 | CVE-2005-1443 | Cross-Site Scripting vulnerability in Invision Power Board Multiple cross-site scripting (XSS) vulnerabilities in index.php for Invision Power Board (IPB) 2.0.3 and 2.1 Alpha 2 allows remote attackers to inject arbitrary web script or HTML via the (1) act, (2) Members, (3) calendar, or (4) HID parameters. network invision-power-services | 6.8 |
| 2005-03-30 | CVE-2005-0477 | Cross-Site Scripting vulnerability in Invision Power Services Invision Power Board Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary web script via (1) a signature file or (2) a message post containing an IMG tag within a COLOR tag whose style is set to background:url. | 4.3 |
| 2004-12-31 | CVE-2004-2279 | Cross-Site Scripting vulnerability in Invision Power Services Invision Power Board 1.3Final Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 Final allows remote attackers to execute arbitrary script as other users via the pop parameter in a chat action to index.php. network invision-power-services | 4.3 |
| 2004-12-31 | CVE-2004-1578 | Cross-Site Scripting vulnerability in Invision Power Services Invision Power Board 2.0.0 Cross-site scripting (XSS) vulnerability in index.php in Invision Power Board 2.0.0 allows remote attackers to execute arbitrary web script or HTML via the Referer field in the HTTP header. network invision-power-services | 4.3 |
| 2003-12-31 | CVE-2003-1385 | Code Injection vulnerability in Invision Power Services Invision Power Board 1.1.1 ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code. | 6.8 |