3 matches found
VulnCheck KEV: CVE-2025-47916
Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller file: /applications/core/modules/front/system/themeeditor.php, where a protected method named customCss can be invoked by...
CVE-2025-47916
Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller file: /applications/core/modules/front/system/themeeditor.php, where a protected method named customCss can be invoked by...
PT-2025-21165 · Invision · Invision Community
Name of the Vulnerable Software and Affected Versions: Invision Community versions 5.0.0 through 5.0.7 Description: The issue lies within the themeeditor controller, where a protected method named customCss can be invoked by unauthenticated users. This method passes the value of the content...