Description
Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 Final allows remote attackers to execute arbitrary script as other users via the pop parameter in a chat action to index.php.
Affected products
- invision_power_services / invision_power_board1.3_final – 1.3_final