Invision Power Board Security Vulnerabilities and Issues — Invision Power Board CVE List

Lucene search

InvisioncommunityInvision Power Board

4 matches found

CVE•added 2020/03/13 3:15 p.m.•44 views

CVE-2009-5159

Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment.

6.1CVSS5.9AI score0.00773EPSS

CVE•added 2017/05/11 5:29 p.m.•43 views

CVE-2017-8897

Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. This UTF8 Converter vulnerability can easily be used to make a malicious announcement affecting any Invision...

6.1CVSS5.9AI score0.00285EPSS

CVE•added 2021/08/17 11:15 p.m.•41 views

CVE-2021-39249

Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function.

6.1CVSS6AI score0.00337EPSS

CVE•added 2019/03/02 1:29 a.m.•37 views

CVE-2019-8278

Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution.

6.1CVSS6.1AI score0.0034EPSS