Unrated severityNVD Advisory· Published Sep 4, 2015· Updated May 6, 2026
CVE-2015-6810
CVE-2015-6810
Description
Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/.
Affected products
14cpe:2.3:a:invisionpower:invision_power_board:4.0.12:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:invisionpower:invision_power_board:4.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:invisionpower:invision_power_board:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:invisionpower:invision_power_board:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:invisionpower:invision_power_board:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:invisionpower:invision_power_board:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:invisionpower:invision_power_board:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:invisionpower:invision_power_board:4.0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:invisionpower:invision_power_board:4.0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:invisionpower:invision_power_board:4.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:invisionpower:invision_power_board:4.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:invisionpower:invision_power_board:4.0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:invisionpower:invision_power_board:4.0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:invisionpower:invision_power_board:4.0.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:invisionpower:invision_power_board:4.0.11:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.exploit-db.com/exploits/37989/nvdExploit
- community.invisionpower.com/release-notes/40121-r22/nvdVendor Advisory
News mentions
0No linked articles in our index yet.