Description
Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary web script via (1) a signature file or (2) a message post containing an IMG tag within a COLOR tag whose style is set to background:url.
Affected products
- invision_power_services / invision_power_board1.0 – 1.0
- invision_power_services / invision_power_board1.0.1 – 1.0.1
- invision_power_services / invision_power_board1.1.1 – 1.1.1
- invision_power_services / invision_power_board1.1.2 – 1.1.2
- invision_power_services / invision_power_board1.2 – 1.2
- invision_power_services / invision_power_board1.3 – 1.3
- invision_power_services / invision_power_board1.3.1_final – 1.3.1_final
- invision_power_services / invision_power_board1.3_final – 1.3_final