CVE-2008-6565

Invision Power Services Invision Power Board < 2.3.1 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an IFRAME tag in the signature.

Exploits (1)

exploitdb WRITEUP VERIFIED

by SHAHEE_MIRZA · htmlwebappsphp

https://www.exploit-db.com/exploits/31541

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/490115/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/28466

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/41502

Scores

EPSS 0.0015

EPSS Percentile 34.9%

Classification

CWE

CWE-79

Status published

Affected Products (44)

invision_power_services/invision_power_board < 2.3.1

invision_power_services/invision_power_board

... and 29 more

Timeline

Published Mar 31, 2009

Tracked Since Feb 18, 2026