Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
invisioncommunity invision power board vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2021-39249
Invision Community (aka IPS Community Suite or IP-Board) prior to 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function.
Invisioncommunity Invision Power Board
383
VMScore
CVE-2009-5159
Invision Power Board (aka IPB or IP.Board) 2.x up to and including 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment.
Invisioncommunity Invision Power Board
Microsoft Internet Explorer 5
383
VMScore
CVE-2019-8278
Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution.
Invisioncommunity Invision Power Board
383
VMScore
CVE-2017-8897
Invision Power Services (IPS) Community Suite 4.1.19.2 and previous versions has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. This UTF8 Converter vulnerability can easily be used to make a malicious announ...
Invisioncommunity Invision Power Board
383
VMScore
CVE-2016-2564
Invision Power Services (IPS) Community Suite prior to 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag. Attackers can guess an Invision Power Board session cookie if they can predict the exact time of cookie generation.
Invisioncommunity Invision Power Board
383
VMScore
CVE-2014-5106
Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.4.x up to and including 3.4.6 allows remote malicious users to inject arbitrary web script or HTML via the HTTP Referer header to admin/install/index.php.
Invisioncommunity Invision Power Board 3.4.0
Invisioncommunity Invision Power Board 3.4.5
Invisioncommunity Invision Power Board 3.4.6
Invisioncommunity Invision Power Board 3.4.1
Invisioncommunity Invision Power Board 3.4.2
Invisioncommunity Invision Power Board 3.4.3
Invisioncommunity Invision Power Board 3.4.4
383
VMScore
CVE-2014-3149
Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x up to and including 3.4.6, as downloaded prior to 20140424, or IP.Nexus 1.5.x up to and including 1.5.9, as downloaded prior to 20140424, allows remote malicious users to ...
Invisionpower Ip.nexus 1.5.6
Invisionpower Ip.nexus 1.5.5
Invisioncommunity Invision Power Board 3.3.0
Invisioncommunity Invision Power Board 3.3.3
Invisioncommunity Invision Power Board 3.3.4
Invisioncommunity Invision Power Board 3.4.0
Invisioncommunity Invision Power Board 3.4.1
Invisioncommunity Invision Power Board 3.4.2
Invisionpower Ip.nexus 1.5.4
Invisionpower Ip.nexus 1.5.3
Invisioncommunity Invision Power Board 3.4.3
Invisioncommunity Invision Power Board 3.4.4
Invisionpower Ip.nexus 1.5.8
Invisionpower Ip.nexus 1.5.7
Invisionpower Ip.nexus 1.5.0
Invisioncommunity Invision Power Board 3.3.1
Invisioncommunity Invision Power Board 3.3.2
Invisionpower Ip.nexus 1.5.9
Invisionpower Ip.nexus 1.5.2
Invisionpower Ip.nexus 1.5.1
Invisioncommunity Invision Power Board 3.4.5
Invisioncommunity Invision Power Board 3.4.6
383
VMScore
CVE-2010-3424
Cross-site scripting (XSS) vulnerability in admin/sources/classes/bbcode/custom/defaults.php in Invision Power Board (IP.Board) 3.1.2 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Invisioncommunity Invision Power Board 3.1.2
312
VMScore
CVE-2021-39250
Invision Community (aka IPS Community Suite or IP-Board) prior to 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an ad...
Invisioncommunity Invision Power Board
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2