Grey-hat hackers Sony and Flexxpoint have come up with an interesting XSS finding in Invision Power Board. They are not sure exactly which versions of IP Board are vulnerable, but they are sure it is between 3.1.x and 3.2.x.
Many websites use IP Board for their support forums. The forums of PCWorld, GovernmentSecurity.org, Webmoney.ru and Dr.Web are affected by this vulnerability.
The New-other Recipients field in the compose form of the Personal Messenger page was found to be vulnerable to XSS. Inserting XSS code in New-other Recipients and pressing the send/preview button executes the script.
The XSS vulnerability in IP Board version 3.2.3, which Dr.Web uses, had already been fixed, but it still exists on Dr.Web's forum because they were running unpatched software at the time of writing this post.
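The behaviour described for the recipients field (a submitted value echoed back into the compose form on preview) is shown below as an added example next to its hardened form. This is not code from the post or from Invision Power Board; the function names, the `other_recipients` field name and the member-name pattern are assumptions made for illustration.

```php
<?php
// Added illustration; NOT Invision Power Board source code.
// All function and field names are hypothetical.

// Constructed sample input: a recipients value that carries markup.
$submitted = 'alice, "><script>alert(1)</script>';

// Unsafe pattern: the value is echoed back into the preview form as-is,
// so a quote closes the attribute and the remainder is parsed as HTML.
function render_recipients_unsafe(string $value): string
{
    return '<input type="text" name="other_recipients" value="' . $value . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
function render_recipients_safe(string $value): string
{
    $encoded = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="other_recipients" value="' . $encoded . '">';
}

// Defence in depth: split the list and accept only entries that match a
// conservative member-name pattern (assumed: letters, digits, space, _ . -).
function parse_recipients(string $value, int $max = 5): array
{
    $valid = [];
    $rejected = [];
    foreach (explode(',', $value) as $name) {
        $name = trim($name);
        if ($name === '') {
            continue;
        }
        $ok = preg_match('/^[\p{L}\p{N} _.\-]{1,64}$/u', $name) === 1;
        if ($ok && count($valid) < $max) {
            $valid[] = $name;
        } else {
            $rejected[] = $name;
        }
    }
    return [$valid, $rejected];
}

echo render_recipients_unsafe($submitted), "\n"; // markup survives intact
echo render_recipients_safe($submitted), "\n";   // quotes and brackets become entities
[$valid, $rejected] = parse_recipients($submitted);
echo 'valid: ', implode('|', $valid), "\n";
echo 'rejected: ', htmlspecialchars(implode('|', $rejected), ENT_QUOTES, 'UTF-8'), "\n";
```

Output encoding is the actual fix; the input validation only narrows what reaches the template and does not replace it.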