Vulnerabilities > Invisioncommunity > IPS Community Suite > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-13 | CVE-2021-40604 | Server-Side Request Forgery (SSRF) vulnerability in Invisioncommunity IPS Community Suite A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows remote authenticated users to request arbitrary URLs or trigger deserialization via phar protocol when generating class names dynamically. | 6.4 |
| 2021-06-01 | CVE-2021-32924 | Code Injection vulnerability in Invisioncommunity IPS Community Suite Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely with the IPS\_Theme::runProcessFunction method. | 6.0 |
| 2021-01-08 | CVE-2021-3025 | SQL Injection vulnerability in Invisioncommunity IPS Community Suite 4.5.2/4.5.3/4.5.4 Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API (the sortDir parameter in a sortBy=popular action to the GETindex() method in applications/downloads/api/files.php). | 6.5 |
| 2021-01-05 | CVE-2021-3026 | Cross-site Scripting vulnerability in Invisioncommunity IPS Community Suite 4.5.2/4.5.3/4.5.4 Invision Community IPS Community Suite before 4.5.4.2 allows XSS during the quoting of a post or comment. | 4.3 |