cbcvebase.
CVE-2015-6810
published 2015-09-04

CVE-2015-6810: Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1…

PriorityP416low3.5CVSS 2.0
AVNACMAuSCNIPAN
EXPLOIT
EPSS
1.35%
67.9th percentile
Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/.

Affected

14 ranges
VendorProductVersion rangeFixed in
invisionpowerinvision_power_board
invisionpowerinvision_power_board
invisionpowerinvision_power_board
invisionpowerinvision_power_board
invisionpowerinvision_power_board
invisionpowerinvision_power_board
invisionpowerinvision_power_board
invisionpowerinvision_power_board
invisionpowerinvision_power_board
invisionpowerinvision_power_board
invisionpowerinvision_power_board
invisionpowerinvision_power_board
invisionpowerinvision_power_board
invisionpowerinvision_power_board
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.