EIP-2026-107910

PRE-CVE

Invision Power Board (IP.Board) 1.3 - Multiple Cross-Site Scripting Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107910. PoCs published by Rafel Ivgi The-Insider.

AI-analyzed exploit summary This exploit demonstrates multiple XSS vulnerabilities in Invision Power Board 1.3 Final due to insufficient input sanitization in URI parameters. The PoC includes crafted URLs that inject malicious scripts to steal cookies or execute arbitrary JavaScript.

Description

Invision Power Board (IP.Board) 1.3 - Multiple Cross-Site Scripting Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by Rafel Ivgi The-Insider · textwebappsphp

https://www.exploit-db.com/exploits/23767

View Code ZIP pw:eip

This exploit demonstrates multiple XSS vulnerabilities in Invision Power Board 1.3 Final due to insufficient input sanitization in URI parameters. The PoC includes crafted URLs that inject malicious scripts to steal cookies or execute arbitrary JavaScript.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Invision Power Board 1.3 Final

No auth needed

Prerequisites: Victim must visit a crafted URL

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026