QSearchQSearch

CVE-2021-39249

6.1 MEDIUM

Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of uploaded files beco...

Published: 2021-08-17 · Last updated: 2026-06-17

Severity and scoring

CVSS
6.1 MEDIUM
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE
CWE-330

Affected products

VendorProduct
invisioncommunityinvision_power_board

Description

Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2021-39250 Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution, because an uplo... (5.4 MEDIUM)
  • CVE-2021-3025 Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API (the sortDir parameter in a sortBy=... (8.8 HIGH)
  • CVE-2021-3026 Invision Community IPS Community Suite before 4.5.4.2 allows XSS during the quoting of a post or comment (6.1 MEDIUM)

Same CWE

  • CVE-2026-50009 Netty is a network application framework for development of protocol servers and clients (4.8 MEDIUM)
  • CVE-2026-45673 Netty is a network application framework for development of protocol servers and clients (6.8 MEDIUM)
  • CVE-2026-41701 Correlation IDs for replies in the RabbitTemplate.sendAndReceive() with the fixed reply queue are predictable due to internal simple counter (4.4 MEDIUM)
  • CVE-2026-41838 IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in co... (4.8 MEDIUM)
  • CVE-2026-41207 The netty incubator codec.bhttp is a java language binary http parser (5.3 MEDIUM)