Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-06-13	CVE-2021-40604	Server-Side Request Forgery (SSRF) vulnerability in Invisioncommunity IPS Community Suite A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows remote authenticated users to request arbitrary URLs or trigger deserialization via phar protocol when generating class names dynamically. network low complexity invisioncommunity CWE-918	6.4
2021-08-17	CVE-2021-39249	Use of Insufficiently Random Values vulnerability in Invisioncommunity Invision Power Board Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function. network invisioncommunity CWE-330	4.3
2021-06-01	CVE-2021-32924	Code Injection vulnerability in Invisioncommunity IPS Community Suite Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely with the IPS\_Theme::runProcessFunction method. network invisioncommunity CWE-94	6.0
2021-01-08	CVE-2021-3025	SQL Injection vulnerability in Invisioncommunity IPS Community Suite 4.5.2/4.5.3/4.5.4 Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API (the sortDir parameter in a sortBy=popular action to the GETindex() method in applications/downloads/api/files.php). network low complexity invisioncommunity CWE-89	6.5
2021-01-05	CVE-2021-3026	Cross-site Scripting vulnerability in Invisioncommunity IPS Community Suite 4.5.2/4.5.3/4.5.4 Invision Community IPS Community Suite before 4.5.4.2 allows XSS during the quoting of a post or comment. network invisioncommunity CWE-79	4.3
2020-03-13	CVE-2009-5159	Cross-site Scripting vulnerability in multiple products Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment. network invisioncommunity microsoft CWE-79	4.3
2019-03-02	CVE-2019-8278	Cross-site Scripting vulnerability in Invisioncommunity Invision Power Board 3.4.7/3.4.8 Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution. network invisioncommunity CWE-79	4.3
2018-03-20	CVE-2014-4928	SQL Injection vulnerability in Invisioncommunity Invision Power Board SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter. network low complexity invisionpower invisioncommunity CWE-89	6.5
2017-05-11	CVE-2017-8899	Information Exposure vulnerability in Invisioncommunity Invision Power Board Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. network invisionpower invisioncommunity CWE-200	6.8
2017-05-11	CVE-2017-8897	Cross-site Scripting vulnerability in Invisioncommunity Invision Power Board Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. network invisionpower invisioncommunity CWE-79	4.3