Vulnerabilities > Invisioncommunity > Invision Power Board > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-17 | CVE-2021-39249 | Use of Insufficiently Random Values vulnerability in Invisioncommunity Invision Power Board Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function. | 6.1 |
| 2021-08-17 | CVE-2021-39250 | Cross-site Scripting vulnerability in Invisioncommunity Invision Power Board Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. | 5.4 |
| 2020-03-13 | CVE-2009-5159 | Cross-site Scripting vulnerability in multiple products Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment. | 6.1 |
| 2019-03-02 | CVE-2019-8278 | Cross-site Scripting vulnerability in Invisioncommunity Invision Power Board Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution. | 6.1 |
| 2017-05-11 | CVE-2017-8897 | Cross-site Scripting vulnerability in Invisioncommunity Invision Power Board Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. | 6.1 |
| 2017-04-23 | CVE-2016-2564 | Insufficient Entropy vulnerability in Invisioncommunity Invision Power Board Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag. | 5.9 |