Invision Community (aka IPS Community Suite or IP-Board) prior to 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
invisioncommunity invision power board |