High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-02-12	CVE-2013-3725	Unspecified vulnerability in Invisioncommunity Invision Power Board Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution. network low complexity invisioncommunity	7.5
2020-01-09	CVE-2012-2226	Unrestricted Upload of File with Dangerous Type vulnerability in Invisioncommunity Invision Power Board 2.0/3.0.4 Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file. network low complexity invisioncommunity CWE-434	7.5
2017-05-11	CVE-2017-8898	Cross-site Scripting vulnerability in Invisioncommunity Invision Power Board Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. network low complexity invisionpower invisioncommunity CWE-79	7.5
2015-09-04	CVE-2015-6812	Resource Management Errors vulnerability in Invisioncommunity Invision Power Board Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.0.12.1 allows remote attackers to cause a denial of service (loop and memory consumption) via a crafted URL. network low complexity invisionpower invisioncommunity CWE-399	7.8
2014-12-03	CVE-2014-9239	SQL Injection vulnerability in multiple products SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter. network low complexity invisionpower invisioncommunity CWE-89	7.5