CVE-2015-6810

Invision Power Board 4.x < 4.0.12.1 - Authenticated Cross-Site Scripting via Event Location Address Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-6810. PoCs published by snop.

AI-analyzed exploit summary This is a writeup describing a stored XSS vulnerability in IP.Board 4.X, where malicious JavaScript can be injected via the 'event_location[address][]' parameter in calendar events. The vulnerability allows for persistent execution of arbitrary JavaScript in the context of the user's browser.

Description

Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/.

Exploits (1)

exploitdb WRITEUP
by snop · textwebappsphp
https://www.exploit-db.com/exploits/37989

This is a writeup describing a stored XSS vulnerability in IP.Board 4.X, where malicious JavaScript can be injected via the 'event_location[address][]' parameter in calendar events. The vulnerability allows for persistent execution of arbitrary JavaScript in the context of the user's browser.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: IP.Board 4.X (versions before 4.0.12.1)
No auth needed
Prerequisites: Access to the calendar event submission page
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/37989/

Scores

EPSS 0.0135
EPSS Percentile 68.0%

Details

CWE
CWE-79
Status published
Products (14)
invisionpower/invision_power_board 4.0.0
invisionpower/invision_power_board 4.0.1
invisionpower/invision_power_board 4.0.2
invisionpower/invision_power_board 4.0.3
invisionpower/invision_power_board 4.0.4
invisionpower/invision_power_board 4.0.5.1
invisionpower/invision_power_board 4.0.6.1
invisionpower/invision_power_board 4.0.7
invisionpower/invision_power_board 4.0.8
invisionpower/invision_power_board 4.0.8.1
... and 4 more
Published Sep 04, 2015
Tracked Since Feb 18, 2026