Vulnerabilites related to invisionpower - invision_power_board
Vulnerability from fkie_nvd
Published
2012-10-31 10:50
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.
References
cve@mitre.orghttp://community.invisionpower.com/topic/371625-ipboard-31x-32x-and-33x-security-update/Patch, Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/51104Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/56288
af854a3a-2127-422b-91ae-364da2661108http://community.invisionpower.com/topic/371625-ipboard-31x-32x-and-33x-security-update/Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51104Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/56288
Impacted products
Vendor Product Version
invisioncommunity invision_power_board 3.1.2
invisioncommunity invision_power_board 3.3.0
invisionpower invision_power_board 3.1.0
invisionpower invision_power_board 3.1.1
invisionpower invision_power_board 3.1.3
invisionpower invision_power_board 3.1.4
invisionpower invision_power_board 3.2.0
invisionpower invision_power_board 3.2.1
invisionpower invision_power_board 3.2.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB4BBA21-CF90-4436-92F7-07D2254A5E7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "99FFCEE5-2A51-4D4A-A04E-74DA1A9EA7B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CD8FD32-9EE5-49E7-A322-EE30ABF51880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EB6D987-906E-4593-B054-6AF3FC2B4F8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB16D2F4-C188-41DC-AC4C-9EC7AE00E27C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F94EB139-3EEB-4EFA-94A2-D9C3C2159F5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7268AFC-DC6D-4A24-8384-E08AC91668D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC2DA35C-2B52-49DD-B6D2-3CB9F1E92EF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A7602AF-F56E-40C3-B5DE-4029F6AD19E2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no espec\u00edfica en admin/sources/base/core.php en Invision Power Board (tambi\u00e9n conocido como IPB o IP.Board) v3.1.x hasta v3.3.x tiene un impacto y vectores de ataque desconocidos."
    }
  ],
  "id": "CVE-2012-5692",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-10-31T10:50:32.560",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://community.invisionpower.com/topic/371625-ipboard-31x-32x-and-33x-security-update/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51104"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/56288"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://community.invisionpower.com/topic/371625-ipboard-31x-32x-and-33x-security-update/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51104"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/56288"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-02-10 11:02
Modified
2025-04-03 01:03
Severity ?
Summary
The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests.
References
cve@mitre.orghttp://forums.invisionpower.com/lofiversion/index.php/t200085.html
cve@mitre.orghttp://www.r-security.net/tutorials/view/readtutorial.php?id=4Patch
af854a3a-2127-422b-91ae-364da2661108http://forums.invisionpower.com/lofiversion/index.php/t200085.html
af854a3a-2127-422b-91ae-364da2661108http://www.r-security.net/tutorials/view/readtutorial.php?id=4Patch
Impacted products
Vendor Product Version
invisionpower invision_power_board 2.1.4


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C99FFB-7A97-4F26-97BA-3B3593B7AE01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests."
    }
  ],
  "id": "CVE-2006-0633",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-02-10T11:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://forums.invisionpower.com/lofiversion/index.php/t200085.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.r-security.net/tutorials/view/readtutorial.php?id=4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://forums.invisionpower.com/lofiversion/index.php/t200085.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.r-security.net/tutorials/view/readtutorial.php?id=4"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-09-04 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/.
References
cve@mitre.orghttps://community.invisionpower.com/release-notes/40121-r22/Vendor Advisory
cve@mitre.orghttps://www.exploit-db.com/exploits/37989/Exploit
af854a3a-2127-422b-91ae-364da2661108https://community.invisionpower.com/release-notes/40121-r22/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/37989/Exploit
Impacted products
Vendor Product Version
invisionpower invision_power_board 4.0.0
invisionpower invision_power_board 4.0.1
invisionpower invision_power_board 4.0.2
invisionpower invision_power_board 4.0.3
invisionpower invision_power_board 4.0.4
invisionpower invision_power_board 4.0.5.1
invisionpower invision_power_board 4.0.6.1
invisionpower invision_power_board 4.0.7
invisionpower invision_power_board 4.0.8
invisionpower invision_power_board 4.0.8.1
invisionpower invision_power_board 4.0.9.2
invisionpower invision_power_board 4.0.10.2
invisionpower invision_power_board 4.0.11
invisionpower invision_power_board 4.0.12


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DC9976C-50BC-42D5-A29C-F8D9A242FEB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBDF76B0-0DA8-4A00-B319-8C0AAFE3997A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDD7C3F7-FB78-49B2-9569-0994168348F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2F605B7-0840-445A-9D9B-7A31F3BBE015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E907E62-8F84-4696-9211-68CFCD33ABCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:4.0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24EECA2-2B2C-4E4F-8D98-A14CEEA55AA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:4.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7655C20B-4483-43D0-956F-7426FDDDAF2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D5A96CB-34D0-46B6-8E1E-F7F17091BCA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:4.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B399679-181B-4305-9256-CCF32E93ADE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:4.0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBEC8363-7FF1-4BB2-9BFB-07319391E511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:4.0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "272661E2-353B-42D9-A649-42C1D8B5159C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:4.0.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CA019FF-A917-473B-9EB6-349CA512173D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:4.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "30483016-BB5F-4101-92AB-B26AA2A65596",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:4.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0D11EAA-35B1-4944-9982-087A1EB88710",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en Invision Power Services IPS Community Suite (tambi\u00e9n conocido como Invision Power Board, IPB o Power Board) 4.x en versiones anteriores a 4.0.12.1, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro del vector event_location[address] a calendar/submit/"
    }
  ],
  "id": "CVE-2015-6810",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-09-04T15:59:08.273",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://community.invisionpower.com/release-notes/40121-r22/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.exploit-db.com/exploits/37989/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://community.invisionpower.com/release-notes/40121-r22/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.exploit-db.com/exploits/37989/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-12-03 21:59
Modified
2025-04-12 10:46
Severity ?
Summary
SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter.
References
cve@mitre.orghttp://community.invisionpower.com/blogs/entry/9704-active-security-exploit/Exploit, Patch
cve@mitre.orghttp://community.invisionpower.com/blogs/entry/9705-ipboard-33x-34x-security-update/Patch
cve@mitre.orghttp://seclists.org/fulldisclosure/2014/Nov/20
af854a3a-2127-422b-91ae-364da2661108http://community.invisionpower.com/blogs/entry/9704-active-security-exploit/Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://community.invisionpower.com/blogs/entry/9705-ipboard-33x-34x-security-update/Patch
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2014/Nov/20
Impacted products
Vendor Product Version
invisioncommunity invision_power_board 3.3.0
invisioncommunity invision_power_board 3.3.0
invisioncommunity invision_power_board 3.3.0
invisioncommunity invision_power_board 3.3.0
invisioncommunity invision_power_board 3.3.0
invisioncommunity invision_power_board 3.3.0
invisioncommunity invision_power_board 3.3.0
invisioncommunity invision_power_board 3.3.1
invisioncommunity invision_power_board 3.3.2
invisioncommunity invision_power_board 3.3.3
invisioncommunity invision_power_board 3.3.4
invisioncommunity invision_power_board 3.4.0
invisioncommunity invision_power_board 3.4.0
invisioncommunity invision_power_board 3.4.0
invisioncommunity invision_power_board 3.4.0
invisioncommunity invision_power_board 3.4.0
invisioncommunity invision_power_board 3.4.0
invisioncommunity invision_power_board 3.4.0
invisioncommunity invision_power_board 3.4.1
invisioncommunity invision_power_board 3.4.2
invisioncommunity invision_power_board 3.4.3
invisioncommunity invision_power_board 3.4.4
invisioncommunity invision_power_board 3.4.5
invisioncommunity invision_power_board 3.4.6
invisionpower invision_power_board 3.4.7


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "99FFCEE5-2A51-4D4A-A04E-74DA1A9EA7B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.3.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "784BFFC7-C237-47ED-AAE2-E6380427473A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.3.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "1F58948C-552A-404B-94FE-D80869593E2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.3.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "6008A365-6856-4A7D-AD7C-8614B5BEEE18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.3.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "C4F1DDBB-5896-4026-8EBF-4934F13576D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.3.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "AEE3DB7A-530E-48D9-BA57-BFB524A203F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.3.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "6BDB1057-2279-4CC3-8CFB-69B10F772440",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AE613CF-1CEA-4B3E-9906-DD3B8C7CBCF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7D0EFE0-6468-4EBB-9AF6-A84B57531ED5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CAB4DC-6817-4BB8-8665-B06861D67B4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "15F22F32-1FDB-469D-9478-49EBBDCB97B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A777CF4-9BCE-49D4-9248-6BAA1966B1DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.4.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "55C99849-81C5-45A5-B3B8-0BFF62BF19C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.4.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "83C25B54-AE40-4E6C-8969-6EFAD0C75604",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.4.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "E81E98C8-E959-4E48-8BC1-118EF2CE7AB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.4.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "AD21C54B-0118-4CD6-B0BF-5CBB31BC4BED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.4.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "2DBFC487-CADD-4410-8817-FD58DED0E5E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.4.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "FBA34B41-7997-4A52-8D78-E0BFD798C4BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "73D08920-9F21-442A-BCE3-282EB724ED16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C8719C2-4F1C-43A2-9476-AABE1E30E32C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9743ACA1-6623-4A88-85E1-BBB51906D1FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "45415FB5-9CC7-4144-ACEE-E5DFB13AC6DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "571CA374-11A2-44A9-B007-3F3D4247884A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisioncommunity:invision_power_board:3.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D52D8713-B5BA-43C2-BC46-02A2CD3950CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:invisionpower:invision_power_board:3.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "146F423D-D5A6-475F-9B82-3F70FAF03F30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en el servicio IPS Connect (interface/ipsconnect/ipsconnect.php) en Invision Power Board (tambi\u00e9n conocido como IPB o IP.Board) 3.3.x y 3.4.x hasta 3.4.7 anterior a 20141114 permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro id[]."
    }
  ],
  "id": "CVE-2014-9239",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-12-03T21:59:08.963",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://community.invisionpower.com/blogs/entry/9704-active-security-exploit/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://community.invisionpower.com/blogs/entry/9705-ipboard-33x-34x-security-update/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2014/Nov/20"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://community.invisionpower.com/blogs/entry/9704-active-security-exploit/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://community.invisionpower.com/blogs/entry/9705-ipboard-33x-34x-security-update/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2014/Nov/20"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2006-0633 (GCVE-0-2006-0633)
Vulnerability from cvelistv5
Published
2006-02-10 11:00
Modified
2024-09-16 19:39
Severity ?
CWE
  • n/a
Summary
The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests.
References
http://forums.invisionpower.com/lofiversion/index.php/t200085.htmlx_refsource_MISC
http://www.r-security.net/tutorials/view/readtutorial.php?id=4x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:41:28.910Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://forums.invisionpower.com/lofiversion/index.php/t200085.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.r-security.net/tutorials/view/readtutorial.php?id=4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2006-02-10T11:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://forums.invisionpower.com/lofiversion/index.php/t200085.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.r-security.net/tutorials/view/readtutorial.php?id=4"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-0633",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://forums.invisionpower.com/lofiversion/index.php/t200085.html",
              "refsource": "MISC",
              "url": "http://forums.invisionpower.com/lofiversion/index.php/t200085.html"
            },
            {
              "name": "http://www.r-security.net/tutorials/view/readtutorial.php?id=4",
              "refsource": "MISC",
              "url": "http://www.r-security.net/tutorials/view/readtutorial.php?id=4"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-0633",
    "datePublished": "2006-02-10T11:00:00Z",
    "dateReserved": "2006-02-10T00:00:00Z",
    "dateUpdated": "2024-09-16T19:39:59.705Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-9239 (GCVE-0-2014-9239)
Vulnerability from cvelistv5
Published
2014-12-03 21:00
Modified
2024-09-16 17:38
Severity ?
CWE
  • n/a
Summary
SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter.
References
http://community.invisionpower.com/blogs/entry/9705-ipboard-33x-34x-security-update/x_refsource_CONFIRM
http://seclists.org/fulldisclosure/2014/Nov/20mailing-list, x_refsource_FULLDISC
http://community.invisionpower.com/blogs/entry/9704-active-security-exploit/x_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:40:25.157Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.invisionpower.com/blogs/entry/9705-ipboard-33x-34x-security-update/"
          },
          {
            "name": "20141109 IP.Board \u003c= 3.4.7 SQL Injection",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Nov/20"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.invisionpower.com/blogs/entry/9704-active-security-exploit/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-12-03T21:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.invisionpower.com/blogs/entry/9705-ipboard-33x-34x-security-update/"
        },
        {
          "name": "20141109 IP.Board \u003c= 3.4.7 SQL Injection",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Nov/20"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.invisionpower.com/blogs/entry/9704-active-security-exploit/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-9239",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://community.invisionpower.com/blogs/entry/9705-ipboard-33x-34x-security-update/",
              "refsource": "CONFIRM",
              "url": "http://community.invisionpower.com/blogs/entry/9705-ipboard-33x-34x-security-update/"
            },
            {
              "name": "20141109 IP.Board \u003c= 3.4.7 SQL Injection",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Nov/20"
            },
            {
              "name": "http://community.invisionpower.com/blogs/entry/9704-active-security-exploit/",
              "refsource": "CONFIRM",
              "url": "http://community.invisionpower.com/blogs/entry/9704-active-security-exploit/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-9239",
    "datePublished": "2014-12-03T21:00:00Z",
    "dateReserved": "2014-12-03T00:00:00Z",
    "dateUpdated": "2024-09-16T17:38:45.627Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-5692 (GCVE-0-2012-5692)
Vulnerability from cvelistv5
Published
2012-10-31 10:00
Modified
2024-09-16 18:49
Severity ?
CWE
  • n/a
Summary
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.
References
http://community.invisionpower.com/topic/371625-ipboard-31x-32x-and-33x-security-update/x_refsource_CONFIRM
http://secunia.com/advisories/51104third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/56288vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:14:16.436Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.invisionpower.com/topic/371625-ipboard-31x-32x-and-33x-security-update/"
          },
          {
            "name": "51104",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51104"
          },
          {
            "name": "56288",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/56288"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-10-31T10:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.invisionpower.com/topic/371625-ipboard-31x-32x-and-33x-security-update/"
        },
        {
          "name": "51104",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51104"
        },
        {
          "name": "56288",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/56288"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-5692",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://community.invisionpower.com/topic/371625-ipboard-31x-32x-and-33x-security-update/",
              "refsource": "CONFIRM",
              "url": "http://community.invisionpower.com/topic/371625-ipboard-31x-32x-and-33x-security-update/"
            },
            {
              "name": "51104",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/51104"
            },
            {
              "name": "56288",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/56288"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-5692",
    "datePublished": "2012-10-31T10:00:00Z",
    "dateReserved": "2012-10-29T00:00:00Z",
    "dateUpdated": "2024-09-16T18:49:53.136Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-6810 (GCVE-0-2015-6810)
Vulnerability from cvelistv5
Published
2015-09-04 15:00
Modified
2024-09-17 04:18
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/.
References
https://www.exploit-db.com/exploits/37989/exploit, x_refsource_EXPLOIT-DB
https://community.invisionpower.com/release-notes/40121-r22/x_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:29:24.532Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "37989",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/37989/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://community.invisionpower.com/release-notes/40121-r22/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-09-04T15:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "37989",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/37989/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://community.invisionpower.com/release-notes/40121-r22/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-6810",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "37989",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/37989/"
            },
            {
              "name": "https://community.invisionpower.com/release-notes/40121-r22/",
              "refsource": "CONFIRM",
              "url": "https://community.invisionpower.com/release-notes/40121-r22/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-6810",
    "datePublished": "2015-09-04T15:00:00Z",
    "dateReserved": "2015-09-04T00:00:00Z",
    "dateUpdated": "2024-09-17T04:18:50.205Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}