EIP-2026-107911
PRE-CVEInvision Power Board (IP.Board) 1.x - 'index.php' showtopic Cross-Site Scripting
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-107911. PoCs published by Boy Bear.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Invision Power Board by injecting arbitrary HTML and JavaScript code via the 'showtopic' URI parameter. The PoC includes examples of malicious links that execute scripts when followed.
Description
Invision Power Board (IP.Board) 1.x - 'index.php' showtopic Cross-Site Scripting
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Boy Bear · textwebappsphp
https://www.exploit-db.com/exploits/23129
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Invision Power Board by injecting arbitrary HTML and JavaScript code via the 'showtopic' URI parameter. The PoC includes examples of malicious links that execute scripts when followed.
Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
Invision Power Board (version not specified)
No auth needed
Prerequisites:
A vulnerable version of Invision Power Board · User interaction to follow a malicious link
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026