CVE-2008-6565

Name of the Vulnerable Software and Affected Versions Invision Power Board versions 2.3.1 and earlier

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via an IFRAME tag in the signature. This could potentially lead to unauthorized actions on behalf of the user.

Recommendations For Invision Power Board versions 2.3.1 and earlier, update to a version later than 2.3.1 to resolve the issue. As a temporary workaround, consider restricting the use of IFRAME tags in user signatures until a patch is available.