RSS   Vulnerabilities for 'Invision power board'   RSS

2021-08-17
 
CVE-2021-39249

CWE-79
 

 
Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function.

 
 
CVE-2021-39250

CWE-79
 

 
Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widgets, disclosure of the admin session ID in a Referer header, and the ability of an admin to use the templating engine (e.g., Edit HTML).

 
2020-03-13
 
CVE-2009-5159

CWE-79
 

 
Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment.

 
2020-01-09
 
CVE-2012-2226

CWE-434
 

 
Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file.

 

 >>> Vendor: Invisioncommunity 3 Products
Invision power board
Community
Ips community suite


Copyright 2022, cxsecurity.com

 

Back to Top