Vulnerabilities > Invisioncommunity > Invision Power Board > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-02-12 CVE-2013-3725 Unspecified vulnerability in Invisioncommunity Invision Power Board
Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution.
network
low complexity
invisioncommunity
critical
 9.8
9.8
2020-01-09 CVE-2012-2226 Unrestricted Upload of File with Dangerous Type vulnerability in Invisioncommunity Invision Power Board
Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file.
network
low complexity
invisioncommunity CWE-434
critical
 9.8
9.8
2017-05-11 CVE-2017-8898 Cross-site Scripting vulnerability in Invisioncommunity Invision Power Board
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin.
network
low complexity
invisioncommunity CWE-79
critical
 9.8
9.8