CVE-2015-6810
Invision Power Board 4.x < 4.0.12.1 - Authenticated Cross-Site Scripting via Event Location Address Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2015-6810. PoCs published by snop.
AI-analyzed exploit summary This is a writeup describing a stored XSS vulnerability in IP.Board 4.X, where malicious JavaScript can be injected via the 'event_location[address][]' parameter in calendar events. The vulnerability allows for persistent execution of arbitrary JavaScript in the context of the user's browser.
Description
Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/.
Exploits (1)
This is a writeup describing a stored XSS vulnerability in IP.Board 4.X, where malicious JavaScript can be injected via the 'event_location[address][]' parameter in calendar events. The vulnerability allows for persistent execution of arbitrary JavaScript in the context of the user's browser.