2 matches found
CVE-2021-39250
Invision Community aka IPS Community Suite or IP-Board before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widget...
Invision Community 安全特征问题漏洞
Invision Community is a software for designing and developing mobile application UI from Invision, Inc. A security signature vulnerability exists in Invision Community, which originates in the product's mtrand function that enables brute-force attacks on uploaded files to predict file names. The...