CVE-2017-8898
CVE-2017-8898 affects Invision Power Services (IPS) Community Suite v4.1.19.2 and earlier. A stored XSS vulnerability exists in the Announcements feature, enabling privilege escalation from a moderator to an administrator. The attack uses the announce_content parameter via the index.php?/modcp/an...