Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-6810 — Cross-site Scripting in Invision Power Board

CWE-79 — Cross-site Scripting4 documents4 sources
Severity
3.5LOWNVD
EPSS
0.8%
top 25.12%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Invisionpower Invision Power Board
Timeline
PublishedSep 4
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

â–¶NVDinvisionpower/invision_power_board14 versions+13

🔴Vulnerability Details

2
GHSA
GHSA-cxwq-372h-pr95: Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4↗2022-05-17
â–¶
CVEList
CVE-2015-6810: Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4↗2015-09-04
â–¶

💥Exploits & PoCs

1
Exploit-DB
Invision Power Board (IP.Board) 4.x - Persistent Cross-Site Scripting↗2015-08-27
â–¶
CVE-2015-6810 — Cross-site Scripting | cvebase