Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
InvisioncommunityInvision Power Board

2 matches found

CVE
CVEadded 2021/08/17 11:15 p.m.41 views

CVE-2021-39249

Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function.

6.1CVSS6AI score0.00337EPSS
CVE
CVEadded 2021/08/17 11:15 p.m.38 views

CVE-2021-39250

Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widget...

5.4CVSS5.5AI score0.00755EPSS