Invisioncommunity Ips Community Suite — known CVE vulnerabilities
Every CVE whose affected-product data names Invisioncommunity Ips Community Suite, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2021-40604 — CVSS 9.1 (critical): A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows remote authenticated users to request…
CVE-2021-3025 — CVSS 8.8 (high): Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API (the sortDir parameter in a…
CVE-2021-32924 — CVSS 8.8 (high): Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the…
CVE-2021-3026 — CVSS 6.1 (medium): Invision Community IPS Community Suite before 4.5.4.2 allows XSS during the quoting of a post or comment.