Invisioncommunity: >> Invision Power Board >> 3.4.0 Security Vulnerabilities
Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.0.12.1 allows remote attackers to cause a denial of service (loop and memory consumption) via a crafted URL.
CVSS Score
7.8
EPSS Score
0.005
Published
2015-09-04
SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2014-12-03
Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.4.x through 3.4.6 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to admin/install/index.php.
CVSS Score
4.3
EPSS Score
0.003
Published
2014-07-28
Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x through 3.4.6, as downloaded before 20140424, or IP.Nexus 1.5.x through 1.5.9, as downloaded before 20140424, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.004
Published
2014-07-03
Page 2