CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Invision Power Services: >> Invision Power Board >> 2.1.x Security Vulnerabilities

CVE-2008-6565

Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an IFRAME tag in the signature.

CVSS Score

4.3

EPSS Score

0.001

Published

2009-03-31

CVE-2006-2060

Directory traversal vulnerability in action_admin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. (dot dot) in the name parameter, preceded by enough backspace (%08) characters to erase the initial static portion of a filename.

CVSS Score

6.4

EPSS Score

0.022

Published

2006-04-26

Page 1

Vulnerabilities

Vulnerable Software

Invision Power Services: >> Invision Power Board >> 2.1.x Security Vulnerabilities

Products

Pricing

Contact Us