Invision Power Services » Invision Power Board » 2.0_alpha3 : Security Vulnerabilities, CVEs, Published In 2007 (XSS)
Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources.
Max CVSS
4.3
EPSS Score
0.47%
Published
2007-05-31
Updated
2017-07-29
Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter.
Max CVSS
9.3
EPSS Score
0.37%
Published
2007-02-24
Updated
2017-07-29
2 vulnerabilities found