Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8898 | 1 Invisioncommunity | 1 Invision Power Board | 2020-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack uses the announce_content parameter in an index.php?/modcp/announcements/&action=create request. This is related to the "<> Source" option. | |||||
| CVE-2013-3725 | 1 Invisioncommunity | 1 Invision Power Board | 2020-02-25 | 7.5 HIGH | 9.8 CRITICAL |
| Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution. | |||||
| CVE-2012-2226 | 1 Invisioncommunity | 1 Invision Power Board | 2020-01-14 | 7.5 HIGH | 9.8 CRITICAL |
| Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file. | |||||