Critical severity9.8NVD Advisory· Published May 11, 2017· Updated May 13, 2026
CVE-2017-8898
CVE-2017-8898
Description
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack uses the announce_content parameter in an index.php?/modcp/announcements/&action=create request. This is related to the "<> Source" option.
Affected products
1- cpe:2.3:a:invisioncommunity:invision_power_board:*:*:*:*:*:*:*:*Range: <=4.1.19.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- zeroday.insecurity.zone/exploits/ipb_owned.txtnvdExploitThird Party Advisory
- twitter.com/insecurity/status/862154908895780864nvdExploitThird Party Advisory
- twitter.com/sxcurity/status/862284967715381248nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.