VYPR

IPS Community Suite

by Invision Community

CVEs (4)

  • CVE-2021-32924HigJun 1, 2021
    risk 0.59cvss 8.8epss 0.20

    Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely with the IPS\_Theme::runProcessFunction method.

  • CVE-2021-39249MedAug 17, 2021
    risk 0.40cvss 6.1epss 0.01

    Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function.

  • CVE-2021-3026MedJan 5, 2021
    risk 0.40cvss 6.1epss 0.01

    Invision Community IPS Community Suite before 4.5.4.2 allows XSS during the quoting of a post or comment.

  • CVE-2021-39250MedAug 17, 2021
    risk 0.35cvss 5.4epss 0.01

    Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an…