CVE-2021-39249

Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function.
References
Configurations

Configuration 1

cpe:2.3:a:invisioncommunity:invision_power_board:*:*:*:*:*:*:*:*

Information

Published : 2021-08-17 11:15

Updated : 2022-07-12 05:42


NVD link : CVE-2021-39249

Mitre link : CVE-2021-39249

Products Affected
No products.
CWE