First published: Thu May 11 2017
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. This UTF8 Converter vulnerability can easily be used to make a malicious announcement affecting any Invision Power Board user who views the announcement.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Invision Power Board | <=4.1.19.2 | |
CVE-2017-8897 has a medium severity rating due to its potential for exploitation via reflected XSS attacks.
To fix CVE-2017-8897, upgrade to a version of Invision Community Suite that is later than 4.1.19.2.
CVE-2017-8897 affects Invision Power Services Community Suite versions 4.1.19.2 and earlier.
CVE-2017-8897 is classified as a pre-auth reflected cross-site scripting (XSS) vulnerability.
The attack vector for CVE-2017-8897 is located at admin/convertutf8/index.php?controller=.