Vulnerabilities > Invisioncommunity
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-07-03 | CVE-2014-3149 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x through 3.4.6, as downloaded before 20140424, or IP.Nexus 1.5.x through 1.5.9, as downloaded before 20140424, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2005-06-09 | CVE-2005-1947 | Cross-Site Request Forgery (CSRF) vulnerability in Invisioncommunity Gallery Cross-site request forgery (CSRF) vulnerability in Invision Gallery before 1.3.1 allows remote attackers to delete albums and images as another user via a link or IMG tag to the (1) albums or (2) delimg actions. | 4.3 |