Invisioncommunity Invisioncommunity

  1. Vendors
  2. Invisioncommunity

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Invisioncommunity product.

RSS Feeds for Invisioncommunity security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Invisioncommunity products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Invisioncommunity Sorted by Most Security Vulnerabilities since 2018

Invisioncommunity Invision Power Board16 vulnerabilities

Invisioncommunity Ips Community Suite4 vulnerabilities

Invisioncommunity2 vulnerabilities

Invisioncommunity Gallery1 vulnerability

By the Year

In 2026 there have been 0 vulnerabilities in Invisioncommunity. Last year, in 2025 Invisioncommunity had 1 security vulnerability published. Right now, Invisioncommunity is on track to have less security vulnerabilities in 2026 than it did last year.




Year Vulnerabilities Average Score
2026 0 0.00
2025 1 9.80
2024 1 9.80
2023 0 0.00
2022 1 9.10
2021 5 7.04
2020 0 0.00
2019 1 0.00
2018 1 8.80

It may take a day or so for new Invisioncommunity vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Invisioncommunity Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2025-47916 May 16, 2025
Invision Community <5.0.7 RCE via Template Injection (themeeditor.php) Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller (file: /applications/core/modules/front/system/themeeditor.php), where a protected method named customCss can be invoked by unauthenticated users. This method passes the value of the content parameter to the Theme::makeProcessFunction() method; hence it is evaluated by the template engine. Accordingly, this can be exploited by unauthenticated attackers to inject and execute arbitrary PHP code by providing crafted template strings.
Invisioncommunity
CVE-2024-30163 Jun 07, 2024
Invision Community SQLi via store.php _categoryView before 4.7.16 Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store\_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL queries. This can be exploited by unauthenticated attackers to carry out Blind SQL Injection attacks.
Invisioncommunity
CVE-2021-40604 Jun 13, 2022
A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows remote authenticated users to request arbitrary URLs or trigger deserialization via phar protocol when generating class names dynamically. In some cases an exploitation is possible by an unauthenticated user.
Ips Community Suite
CVE-2021-39249 Aug 17, 2021
Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function.
Invision Power Board
CVE-2021-39250 Aug 17, 2021
Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widgets, disclosure of the admin session ID in a Referer header, and the ability of an admin to use the templating engine (e.g., Edit HTML).
Invision Power Board
CVE-2021-32924 Jun 01, 2021
Invision Community (aka IPS Community Suite) before 4.6.0 Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely with the IPS\_Theme::runProcessFunction method.
Ips Community Suite
CVE-2021-3025 Jan 08, 2021
Invision Community IPS Community Suite before 4.5.4.2 Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST API (the sortDir parameter in a sortBy=popular action to the GETindex() method in applications/downloads/api/files.php).
Ips Community Suite
CVE-2021-3026 Jan 05, 2021
Invision Community IPS Community Suite before 4.5.4.2 Invision Community IPS Community Suite before 4.5.4.2 allows XSS during the quoting of a post or comment.
Ips Community Suite
CVE-2019-8278 Mar 02, 2019
Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution. Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution.
Invision Power Board
CVE-2014-4928 Mar 20, 2018
SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter.
Invision Power Board
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.