Invision Power Board 4.4.2

CPE Details

Invision Power Board 4.4.2
invisioncommunity
invision_power_board
4.4.2
2019-07-17
10h57 +00:00
2019-07-17
10h57 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:invisioncommunity:invision_power_board:4.4.2:*:*:*:*:*:*:*

Informations

Vendor

invisioncommunity

Product

invision_power_board

Version

4.4.2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-39249 2021-08-17 20h02 +00:00 Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function.
6.1
Medium
CVE-2021-39250 2021-08-17 20h02 +00:00 Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widgets, disclosure of the admin session ID in a Referer header, and the ability of an admin to use the templating engine (e.g., Edit HTML).
5.4
Medium