Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Invisioncommunity Subscribe
Filtered by product Invision Power Board

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-39249 1 Invisioncommunity 1 Invision Power Board 2022-07-12 4.3 MEDIUM 6.1 MEDIUM
Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function.
CVE-2021-39250 1 Invisioncommunity 1 Invision Power Board 2021-08-25 3.5 LOW 5.4 MEDIUM
Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widgets, disclosure of the admin session ID in a Referer header, and the ability of an admin to use the templating engine (e.g., Edit HTML).
CVE-2017-8897 1 Invisioncommunity 1 Invision Power Board 2020-06-03 4.3 MEDIUM 6.1 MEDIUM
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. This UTF8 Converter vulnerability can easily be used to make a malicious announcement affecting any Invision Power Board user who views the announcement.
CVE-2016-2564 1 Invisioncommunity 1 Invision Power Board 2020-06-03 4.3 MEDIUM 5.9 MEDIUM
Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag. Attackers can guess an Invision Power Board session cookie if they can predict the exact time of cookie generation.
CVE-2009-5159 2 Invisioncommunity, Microsoft 2 Invision Power Board, Internet Explorer 2020-03-18 4.3 MEDIUM 6.1 MEDIUM
Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment.
CVE-2019-8278 1 Invisioncommunity 1 Invision Power Board 2019-03-07 4.3 MEDIUM 6.1 MEDIUM
Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution.