EIP-2026-107911

PRE-CVE

Invision Power Board (IP.Board) 1.x - 'index.php' showtopic Cross-Site Scripting

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107911. PoCs published by Boy Bear.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Invision Power Board by injecting arbitrary HTML and JavaScript code via the 'showtopic' URI parameter. The PoC includes examples of malicious links that execute scripts when followed.

Description

Invision Power Board (IP.Board) 1.x - 'index.php' showtopic Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC VERIFIED
by Boy Bear · textwebappsphp
https://www.exploit-db.com/exploits/23129

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Invision Power Board by injecting arbitrary HTML and JavaScript code via the 'showtopic' URI parameter. The PoC includes examples of malicious links that execute scripts when followed.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Invision Power Board (version not specified)
No auth needed
Prerequisites: A vulnerable version of Invision Power Board · User interaction to follow a malicious link
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026