CRITICAL🇬🇧 English

CVE-2017-8898

CVSS 9.8v3.0pub. 2017-05-11upd. 2026-05-13

Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack uses the announce_content parameter in an index.php?/modcp/announcements/&action=create request. This is related to the "<> Source" option.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Invisioncommunity Invision Power Board

    APP
    Invisioncommunity
    ≤ 4.1.19.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSSLPE
CWE
Referencje

Powiązane podatności

CVE-2013-3725CRITICAL9.8ten sam produkt

Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution.

CVE-2012-2226CRITICAL9.8ten sam produkt

Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to ...

CVE-2014-4928HIGH8.8ten sam produkt

SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers...

CVE-2017-8899HIGH8.1ten sam produkt

Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Informati...

CVE-2016-6174HIGH8.1ten sam produkt

applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invisio...