CVE-2021-39250

Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widgets, disclosure of the admin session ID in a Referer header, and the ability of an admin to use the templating engine (e.g., Edit HTML).

Published: Aug 18, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-39250
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
invisioncommunity / invision_power_board	-	4.6.5.1

https://invisioncommunity.com/release-notes/4651-r102/
https://ssd-disclosure.com/ssd-advisory-ip-board-stored-xss-to-rce-chain/

Vulnerability Database

289,697

CVE-2021-39250