Reflected and Stored XSS in Invision Power Board
Invision Power Board is a very popular paid forum software. I decided to audit it and initially found a few stored XSS vulnerabilities in the admin panel, all had a low impact, so I didn't report them. I then came across the Announcements function in the Moderator Control Panel. Essentially this fun…