Vulnerabilities > Invisionpower > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-11 | CVE-2017-8898 | Cross-site Scripting vulnerability in Invisioncommunity Invision Power Board Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. | 7.5 |
| 2015-09-04 | CVE-2015-6812 | Resource Management Errors vulnerability in Invisioncommunity Invision Power Board Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.0.12.1 allows remote attackers to cause a denial of service (loop and memory consumption) via a crafted URL. | 7.8 |
| 2014-12-03 | CVE-2014-9239 | SQL Injection vulnerability in multiple products SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter. | 7.5 |
| 2010-09-24 | CVE-2010-3601 | SQL Injection vulnerability in Invisionpower Ibphotohost 1.1.2 SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows remote attackers to execute arbitrary SQL commands via the img parameter. | 7.5 |
| 2009-11-18 | CVE-2009-3974 | SQL Injection vulnerability in Invisioncommunity Invision Power Board 3.0.0/3.0.1/3.0.2 Multiple SQL injection vulnerabilities in Invision Power Board (IPB or IP.Board) 3.0.0, 3.0.1, and 3.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) search_term parameter to admin/applications/core/modules_public/search/search.php and (2) aid parameter to admin/applications/core/modules_public/global/lostpass.php. | 7.5 |