Vulnerabilities > Invisioncommunity

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | DETAILS | RISK |
| --- | --- | --- | --- | --- | --- |
| 2021-08-17 | CVE-2021-39249 | Cross-site Scripting vulnerability in Invisioncommunity Invision Power Board | Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function. | | 4.3 |
| 2021-08-17 | CVE-2021-39250 | Cross-site Scripting vulnerability in Invisioncommunity Invision Power Board | Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. | | 3.5 |
| 2021-06-01 | CVE-2021-32924 | Code Injection vulnerability in Invisioncommunity IPS Community Suite | Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely with the IPS\_Theme::runProcessFunction method. | | 6.0 |
| 2021-01-08 | CVE-2021-3025 | SQL Injection vulnerability in Invisioncommunity IPS Community Suite 4.5.2/4.5.3/4.5.4 | Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API (the sortDir parameter in a sortBy=popular action to the GETindex() method in applications/downloads/api/files.php). | network; low complexity; invisioncommunity; CWE-89 | 6.5 |
| 2021-01-05 | CVE-2021-3026 | Cross-site Scripting vulnerability in Invisioncommunity IPS Community Suite 4.5.2/4.5.3/4.5.4 | Invision Community IPS Community Suite before 4.5.4.2 allows XSS during the quoting of a post or comment. | | 4.3 |
| 2020-12-30 | CVE-2020-29477 | Cross-site Scripting vulnerability in Invisioncommunity Community 4.5.4 | Invision Community 4.5.4 is affected by cross-site scripting (XSS) in the Field Name field. | | 3.5 |
| 2020-03-13 | CVE-2009-5159 | Cross-site Scripting vulnerability in multiple products | Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment. | | 4.3 |
| 2020-02-12 | CVE-2013-3725 | Unspecified vulnerability in Invisioncommunity Invision Power Board | Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution. | network; low complexity; invisioncommunity | 7.5 |
| 2020-01-09 | CVE-2012-2226 | Unrestricted Upload of File with Dangerous Type vulnerability in Invisioncommunity Invision Power Board 2.0/3.0.4 | Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file. | network; low complexity; invisioncommunity; CWE-434 | 7.5 |
| 2019-03-02 | CVE-2019-8278 | Cross-site Scripting vulnerability in Invisioncommunity Invision Power Board 3.4.7/3.4.8 | Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution. | | 4.3 |