CVE-2007-2963

Name of the Vulnerable Software and Affected Versions Invision Power Board versions 2.2.2 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved via several modules, including module bbcodeloader.php, module div.php, module email.php, module image.php, module link.php, or the editorid parameter to module table.php in jscripts/folder rte files/.

Recommendations For Invision Power Board versions 2.2.2 and earlier, consider disabling the affected modules (module bbcodeloader.php, module div.php, module email.php, module image.php, module link.php) and restricting access to the editorid parameter in module table.php until a fix is available. Additionally, avoid using the vulnerable editorid parameter in the module table.php endpoint. At the moment, there is no information about a newer version that contains a fix for this issue.