XSS in Invisionpower Invision_power_board

CVE-2015-6810

Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the ev…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.008 (75.2th percentile) — read the EPSS interpretation.

Affected products

Invisionpower Invision_power_board — versions 4.0.0, 4.0.1, 4.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

37989 (Exploit, exploit, x_refsource_EXPLOIT-DB)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)