CVE-2021-3026
https://notcve.org/view.php?id=CVE-2021-3026
Invision Community IPS Community Suite before 4.5.4.2 allows XSS during the quoting of a post or comment. Invision Community IPS Community Suite versiones anteriores a 4.5.4.2, permite un ataque de tipo XSS durante la cita de una publicación o comentario • https://invisioncommunity.com/release-notes • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-29477 – Invision Community 4.5.4 - 'Field Name' Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-29477
Invision Community 4.5.4 is affected by cross-site scripting (XSS) in the Field Name field. This vulnerability can allow an attacker to inject the XSS payload in Field Name and each time any user will open that, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload. Invision Community versión 4.5.4, está afectado por una vulnerabilidad de tipo cross-site scripting (XSS) en el campo Field Name. Esta vulnerabilidad puede permitir a un atacante inyectar una carga útil de tipo XSS en Field Name y cada vez que un usuario lo abre, el XSS se desencadena y el atacante puede ser capaz de robar la cookie de acuerdo a la carga útil diseñada. • https://www.exploit-db.com/exploits/49188 http://invision.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-5159
https://notcve.org/view.php?id=CVE-2009-5159
Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment. Invision Power Board (también se conoce como IPB o IP.Board) versiones 2.x hasta 3.0.4, cuando Internet Explorer 5 es usado, permite un ataque de tipo XSS por medio de un archivo adjunto .txt. • http://community.invisionpower.com/topic/300051-invision-power-board-305-released https://packetstormsecurity.com/files/83624/Invision-Power-Board-3.0.4-Cross-Site-Scripting.html https://www.exploit-db.com/exploits/33394 https://www.securityfocus.com/bid/37263/info • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-3725
https://notcve.org/view.php?id=CVE-2013-3725
Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution. Invision Power Board (IPB) versiones hasta 3.x, permite la toma de control de la cuenta de administrador conllevando a una ejecución de código. • http://www.john-jean.com/blog/securite-informatique/ipb-invision-power-board-all-versions-1-x-2-x-3-x-admin-account-takeover-leading-to-code-execution-742 •
CVE-2019-8278
https://notcve.org/view.php?id=CVE-2019-8278
Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution. Cross-Site Scripting (XSS) persistente en Invision Power Board, desde la versión 3.3.1 hasta la 3.4.8, conduce a la ejecución remota de código. • http://www.securityfocus.com/bid/107258 https://scriptinjection.blogspot.com/2019/02/invision-power-board-331-348-stored-xss.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •