CVE Tools

invisioncommunity

Web & CMS Pluginscommercial

13

Cumulative CVEs

9

Monthly snapshots

#72

Peak rank

Top products

ips community suite2

Latest CVEs

The 15 most recently published vulnerabilities affecting invisioncommunity.

CVE-2025-47916Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller (file: /applications/core/module...10.0May 16, 2025
CVE-2024-30163Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store\_store::_categoryView() method, where user input passed t...9.8Jun 7, 2024
CVE-2021-40604A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows remote authenticated users to request arbitrary URLs or trigger deserialization via phar protocol when ...9.1Jun 13, 2022
CVE-2021-39249Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP ...6.1Aug 17, 2021
CVE-2021-39250Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-gen...5.4Aug 17, 2021
CVE-2021-32924Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafel...8.8Jun 1, 2021
CVE-2021-3025Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API (the sortDir parameter in a sortBy=popular action to the GETindex() method in applications/down...8.8Jan 8, 2021
CVE-2021-3026Invision Community IPS Community Suite before 4.5.4.2 allows XSS during the quoting of a post or comment.6.1Jan 5, 2021
CVE-2020-29477Invision Community 4.5.4 is affected by cross-site scripting (XSS) in the Field Name field. This vulnerability can allow an attacker to inject the XSS payload in Field Name and each time any user w...4.8Dec 30, 2020
CVE-2009-5159Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment.6.1Mar 13, 2020
CVE-2013-3725Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution.9.8Feb 12, 2020
CVE-2012-2226Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file.9.8Jan 9, 2020
CVE-2019-8278Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution.6.1Mar 2, 2019
CVE-2014-4928SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter.8.8Mar 20, 2018
CVE-2017-8899Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered...8.1May 11, 2017