Invision Power Board Unspecified HTML Injection Vulnerability

Invision Power Board is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may exploit the HTML-injection issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is displayed, and launch other attacks.

Invision Power Board 3.2.0, 3.2.1, 3.2.2, and 3.2.3 are vulnerable; other versions may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus