VYPR

IP-Board

by Invision Community

CVEs (2)

  • CVE-2021-39249MedAug 17, 2021
    risk 0.40cvss 6.1epss 0.01

    Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function.

  • CVE-2021-39250MedAug 17, 2021
    risk 0.35cvss 5.4epss 0.01

    Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an…