EIP-2026-107912

PRE-CVE

Invision Power Board (IP.Board) 2.0.3/2.1 - 'Act' Cross-Site Scripting

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107912. PoCs published by arron ward.

AI-analyzed exploit summary The exploit demonstrates a cross-site scripting (XSS) vulnerability in Invision Power Board due to insufficient input sanitization. The provided URL injects arbitrary JavaScript code, which executes in the context of the user's browser.

Description

Invision Power Board (IP.Board) 2.0.3/2.1 - 'Act' Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC VERIFIED
by arron ward · textwebappsphp
https://www.exploit-db.com/exploits/25593

The exploit demonstrates a cross-site scripting (XSS) vulnerability in Invision Power Board due to insufficient input sanitization. The provided URL injects arbitrary JavaScript code, which executes in the context of the user's browser.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Invision Power Board (version unspecified)
No auth needed
Prerequisites: Victim must visit the crafted URL
MITRE ATT&CK
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026