Vulnerabilities > Invisioncommunity > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-08-17 CVE-2021-39249 Use of Insufficiently Random Values vulnerability in Invisioncommunity Invision Power Board
Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function.
network
low complexity
invisioncommunity CWE-330
6.1
2021-08-17 CVE-2021-39250 Cross-site Scripting vulnerability in Invisioncommunity Invision Power Board
Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content.
network
low complexity
invisioncommunity CWE-79
5.4
2021-01-05 CVE-2021-3026 Cross-site Scripting vulnerability in Invisioncommunity IPS Community Suite 4.5.2/4.5.3/4.5.4
Invision Community IPS Community Suite before 4.5.4.2 allows XSS during the quoting of a post or comment.
network
low complexity
invisioncommunity CWE-79
6.1
2020-12-30 CVE-2020-29477 Cross-site Scripting vulnerability in Invisioncommunity Community 4.5.4
Invision Community 4.5.4 is affected by cross-site scripting (XSS) in the Field Name field.
network
low complexity
invisioncommunity CWE-79
4.8
2020-03-13 CVE-2009-5159 Cross-site Scripting vulnerability in multiple products
Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment.
network
low complexity
invisioncommunity microsoft CWE-79
6.1
2019-03-02 CVE-2019-8278 Cross-site Scripting vulnerability in Invisioncommunity Invision Power Board
Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution.
network
low complexity
invisioncommunity CWE-79
6.1
2017-05-11 CVE-2017-8897 Cross-site Scripting vulnerability in Invisioncommunity Invision Power Board
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector.
network
low complexity
invisioncommunity CWE-79
6.1
2017-04-23 CVE-2016-2564 Insufficient Entropy vulnerability in Invisioncommunity Invision Power Board
Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag.
network
high complexity
invisioncommunity CWE-331
5.9
2005-06-09 CVE-2005-1947 Cross-Site Request Forgery (CSRF) vulnerability in Invisioncommunity Gallery
Cross-site request forgery (CSRF) vulnerability in Invision Gallery before 1.3.1 allows remote attackers to delete albums and images as another user via a link or IMG tag to the (1) albums or (2) delimg actions.
network
low complexity
invisioncommunity CWE-352
4.3