invisioncommunity invision power board

27 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-47916
>= 5.0.0 and < 5.0.7
Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies
10.0 CRITICAL
CVE-2024-30163
>= 4.4.0 and < 4.7.16
Invision Community before 4.7.16 allows SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\fr
9.8 CRITICAL
CVE-2021-40604
< 4.6.2
A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows remote authenticated users to reques
9.1 CRITICAL
CVE-2021-39250
< 4.6.5.1
Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution, because
5.4 MEDIUM
CVE-2021-39249
< 4.6.5.1
Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of uploaded fil
6.1 MEDIUM
CVE-2021-32924
< 4.6.0
Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\
8.8 HIGH
CVE-2021-3025
< 4.5.4.2
Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API (the sortDir parameter in a
8.8 HIGH
CVE-2021-3026
< 4.5.4.2
Invision Community IPS Community Suite before 4.5.4.2 allows XSS during the quoting of a post or comment.
6.1 MEDIUM
CVE-2020-29477
all versions
Invision Community 4.5.4 is affected by cross-site scripting (XSS) in the Field Name field. This vulnerability can allow an attack
4.8 MEDIUM
CVE-2009-5159
>= 2.0 and <= 3.0.4
Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment.
6.1 MEDIUM
CVE-2013-3725
< 4.0.0
Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution.
9.8 CRITICAL
CVE-2012-2226
< 3.3.1
Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive inf
9.8 CRITICAL
CVE-2019-8278
>= 3.3.1 and <= 3.4.8
Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution.
6.1 MEDIUM
CVE-2014-4928
< 3.4.6
SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrar
8.8 HIGH
CVE-2017-8899
<= 4.1.19.2
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues
8.1 HIGH
CVE-2017-8898
<= 4.1.19.2
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalat
9.8 CRITICAL
CVE-2017-8897
<= 4.1.19.2
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: a
6.1 MEDIUM
CVE-2016-2564
<= 4.1.8.1
Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function witho
5.9 MEDIUM
CVE-2016-6174
<= 4.1.12.3
applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB,
8.1 HIGH
CVE-2015-6812
<= 4.0.11
Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.0.12.1 allows remote attacker
CVE-2014-9239
all versions
SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or I
CVE-2014-5106
all versions
Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.4.x through 3.4.6 allows remote att
CVE-2014-3149
all versions
Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x through 3.4.6, as dow
CVE-2012-5692
all versions
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unk
CVE-2010-3424
all versions
Cross-site scripting (XSS) vulnerability in admin/sources/classes/bbcode/custom/defaults.php in Invision Power Board (IP.Board) 3.
CVE-2009-3974
all versions
Multiple SQL injection vulnerabilities in Invision Power Board (IPB or IP.Board) 3.0.0, 3.0.1, and 3.0.2 allow remote attackers to
CVE-2005-1947
< 1.3.1
Cross-site request forgery (CSRF) vulnerability in Invision Gallery before 1.3.1 allows remote attackers to delete albums and imag
4.3 MEDIUM
threatengine.sh