Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published: 2021-08-17T22:02:27
Updated: 2024-08-04T02:06:40.956Z
Reserved: 2021-08-17T00:00:00
Link: CVE-2021-39249

No data.

Status : Modified
Published: 2021-08-17T23:15:07.617
Modified: 2024-11-21T06:19:01.370
Link: CVE-2021-39249

No data.