Invision Power Services Community Suite Cross-Site Scripting Vulnerability

Invision Power Services IPS Community Suite is an integrated application for building communities on the web. A cross-site scripting vulnerability exists in Announcements in IPS Community Suite 4.1.19.2 and earlier. A remote attacker can exploit this vulnerability by leveraging the...

CVE-2017-8898

Invision Power Services IPS Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack uses the announcecontent parameter in an index.php?/modcp/announcements/&action=create request. This is...