← Back

Invisionpower

invisionpower

6 CVEs • 3 products

Products (3)

Click to collapse
Toggle
Invision Power Board
invision_power_board
4 CVEs
Ibphotohost
ibphotohost
1 CVE
Ip.nexus
ip.nexus
1 CVE

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2015-6810
1Invisionpower
1Invision Power Board
May 6, 2026
Sep 4, 2015
N/A· v4
N/A· v3
3.5 LOW· v2
Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script...Show more
Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/.Show less
CVE-2014-9239
2Invisioncommunity
Invisionpower
2Invision Power Board
Invision Power Board
May 6, 2026
Dec 3, 2014
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute...Show more
SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter.Show less
CVE-2014-3149
2Invisioncommunity
Invisionpower
2Invision Power Board
Ip.nexus
May 6, 2026
Jul 3, 2014
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x through 3.4.6, as downloaded before 20140424, or IP.Nexus 1.5.x through 1.5.9, as downloaded before 20140424, a...Show more
Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x through 3.4.6, as downloaded before 20140424, or IP.Nexus 1.5.x through 1.5.9, as downloaded before 20140424, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.Show less
CVE-2012-5692
2Invisioncommunity
Invisionpower
2Invision Power Board
Invision Power Board
Apr 29, 2026
Oct 31, 2012
N/A· v4
N/A· v3
10.0 HIGH· v2
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.
CVE-2010-3601
1Invisionpower
1Ibphotohost
Apr 29, 2026
Sep 24, 2010
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows remote attackers to execute arbitrary SQL commands via the img parameter.
CVE-2006-0633
1Invisionpower
1Invision Power Board
Apr 16, 2026
Feb 10, 2006
N/A· v4
N/A· v3
6.4 MEDIUM· v2
The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost pa...Show more
The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests.Show less