IPS Community Suite
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-32924 | Hig | 0.59 | 8.8 | 0.20 | Jun 1, 2021 | Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely with the IPS\_Theme::runProcessFunction method. | ||
| CVE-2021-39249 | Med | 0.40 | 6.1 | 0.01 | Aug 17, 2021 | Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function. | ||
| CVE-2021-3026 | Med | 0.40 | 6.1 | 0.01 | Jan 5, 2021 | Invision Community IPS Community Suite before 4.5.4.2 allows XSS during the quoting of a post or comment. | ||
| CVE-2021-39250 | Med | 0.35 | 5.4 | 0.01 | Aug 17, 2021 | Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an… |
- risk 0.59cvss 8.8epss 0.20
Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely with the IPS\_Theme::runProcessFunction method.
- risk 0.40cvss 6.1epss 0.01
Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function.
- risk 0.40cvss 6.1epss 0.01
Invision Community IPS Community Suite before 4.5.4.2 allows XSS during the quoting of a post or comment.
- risk 0.35cvss 5.4epss 0.01
Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an…