Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
invisioncommunity ips community suite vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2021-3025
Invision Community IPS Community Suite prior to 4.5.4.2 allows SQL Injection via the Downloads REST API (the sortDir parameter in a sortBy=popular action to the GETindex() method in applications/downloads/api/files.php).
Invisioncommunity Ips Community Suite
383
VMScore
CVE-2021-3026
Invision Community IPS Community Suite prior to 4.5.4.2 allows XSS during the quoting of a post or comment.
Invisioncommunity Ips Community Suite
570
VMScore
CVE-2021-40604
A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite prior to 4.6.2 allows remote authenticated users to request arbitrary URLs or trigger deserialization via phar protocol when generating class names dynamically. In some cases an exploitation is possible by ...
Invisioncommunity Ips Community Suite
534
VMScore
CVE-2021-32924
Invision Community (aka IPS Community Suite) prior to 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely with the IPS\_Theme::runProcessFunction method.
Invisioncommunity Ips Community Suite
685
VMScore
CVE-2016-6174
applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) prior to 4.1.13, when used with PHP prior to 5.4.24 or 5.5.x prior to 5.5.8, allows remote malicious users to execute arbitrary code v...
Invisioncommunity Invision Power Board
Php Php 5.5.2
Php Php 5.5.1
Php Php 5.5.0
Php Php 5.5.7
Php Php 5.5.6
Php Php 5.5.5
Php Php 5.5.4
Php Php 5.5.3
Php Php
1 EDB exploit
383
VMScore
CVE-2021-39249
Invision Community (aka IPS Community Suite or IP-Board) prior to 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function.
Invisioncommunity Invision Power Board
383
VMScore
CVE-2017-8897
Invision Power Services (IPS) Community Suite 4.1.19.2 and previous versions has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. This UTF8 Converter vulnerability can easily be used to make a malicious announ...
Invisioncommunity Invision Power Board
694
VMScore
CVE-2015-6812
Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) prior to 4.0.12.1 allows remote malicious users to cause a denial of service (loop and memory consumption) via a crafted URL.
Invisioncommunity Invision Power Board
383
VMScore
CVE-2016-2564
Invision Power Services (IPS) Community Suite prior to 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag. Attackers can guess an Invision Power Board session cookie if they can predict the exact time of cookie generation.
Invisioncommunity Invision Power Board
668
VMScore
CVE-2017-8898
Invision Power Services (IPS) Community Suite 4.1.19.2 and previous versions has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack uses the announce_content parameter in an index.php?/modcp/announcements/&...
Invisioncommunity Invision Power Board
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »