XSS in Invisioncommunity Invision_power_board
CVE-2010-3424
Cross-site scripting (XSS) vulnerability in admin/sources/classes/bbcode/custom/defaults.php in Invision Power Board (IP.Board) 3.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.004 (60.4th percentile) — read the EPSS interpretation.
Affected products
- Invisioncommunity Invision_power_board — versions 3.1.2
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
- ADV-2010-2328 (Patch, vdb-entry, x_refsource_VUPEN, Vendor Advisory)
- 43053 (Patch, vdb-entry, x_refsource_BID)
- 41314 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)