← volver
CVE-2017-8898

CVE-2017-8898

EPSS 1.9%
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack uses the announce_content parameter in an index.php?/modcp/announcements/&action=create request. This is related to the "<> Source" option.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://twitter.com/insecurity/status/862154908895780864https://twitter.com/sxcurity/status/862284967715381248http://zeroday.insecurity.zone/exploits/ipb_owned.txt