Description
Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP POST request.
Affected products
- invision_power_services / invision_board1.0 – 1.0
- invision_power_services / invision_board1.0.1 – 1.0.1
- invision_power_services / invision_board1.1.1 – 1.1.1
- invision_power_services / invision_board1.1.2 – 1.1.2
- invision_power_services / invision_board1.2 – 1.2
- invision_power_services / invision_board1.3 – 1.3
- invision_power_services / invision_board1.3.1_final – 1.3.1_final
- invision_power_services / invision_board1.3_final – 1.3_final
- invision_power_services / invision_board2.0 – 2.0
- invision_power_services / invision_board2.0.1 – 2.0.1
- invision_power_services / invision_board2.0.2 – 2.0.2
- invision_power_services / invision_board2.0_alpha_3 – 2.0_alpha_3
- invision_power_services / invision_board2.0_pdr3 – 2.0_pdr3
- invision_power_services / invision_board2.0_pf1 – 2.0_pf1
- invision_power_services / invision_board2.0_pf2 – 2.0_pf2