CVE-2017-8899
CVE-2017-8899 affects Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier. The issue is a composite of Stored XSS and Information Disclosure in the attachments feature within User CP. The primary cause is the ability to upload an SVG document with a crafted attribute such as onload...