Skip to main content

Invision Power Board CVE-2015-6810

LOW
Cross-site Scripting (XSS) (CWE-79)
2015-09-04 cve@mitre.org
3.5
CVSS 2.0 · NVD

Severity by source

NVD PRIMARY
3.5 LOW
AV:N/AC:M/Au:S/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:S/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 04, 2015 - 15:59 cve.org
LOW 3.5

DescriptionCVE.org

Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/.

AnalysisAI

Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/. Affected products include: Invisionpower Invision Power Board. Version information: before 4.0.12.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2012-5692 CRITICAL POC
10.0 Oct 31

Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3

CVE-2016-6174 HIGH POC
8.1 Jul 12

applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Bo

CVE-2017-8898 CRITICAL POC
9.8 May 11

Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privile

CVE-2017-8899 HIGH POC
8.1 May 11

Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclos

CVE-2014-9239 HIGH POC
7.5 Dec 03

SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (ak

CVE-2017-8897 MEDIUM POC
6.1 May 11

Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter

CVE-2021-39249 MEDIUM POC
6.1 Aug 17

Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of up

CVE-2019-8278 MEDIUM POC
6.1 Mar 02

Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution. Rated medium severity (CVSS 6.

CVE-2021-39250 MEDIUM POC
5.4 Aug 17

Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution

CVE-2015-6812 HIGH
7.8 Sep 04

Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.0.12.1 allows remot

CVE-2016-2564 MEDIUM
5.9 Apr 23

Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid func

CVE-2014-3149 MEDIUM
4.3 Jul 03

Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x through 3.4

Share

CVE-2015-6810 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy