CVE-2015-6810: XSS

First published: Fri Sep 04 2015(Updated: )

Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/.

Credit: cve@mitre.org

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/references
• agent/type
• agent/severity
• agent/author
• agent/description
• collector/mitre-cve
• source/MITRE
• agent/last-modified-date
• agent/event
• agent/first-publish-date
• agent/source
• agent/weakness
• agent/softwarecombine
• agent/tags
• collector/nvd-index
• agent/software-canonical-lookup-request
• vendor/invisionpower
• canonical/invisionpower invision power board
• version/invisionpower invision power board/4.0.0
• version/invisionpower invision power board/4.0.1
• version/invisionpower invision power board/4.0.2
• version/invisionpower invision power board/4.0.3
• version/invisionpower invision power board/4.0.4
• version/invisionpower invision power board/4.0.5.1
• version/invisionpower invision power board/4.0.6.1
• version/invisionpower invision power board/4.0.7
• version/invisionpower invision power board/4.0.8
• version/invisionpower invision power board/4.0.8.1
• version/invisionpower invision power board/4.0.9.2
• version/invisionpower invision power board/4.0.10.2
• version/invisionpower invision power board/4.0.11
• version/invisionpower invision power board/4.0.12