Cross-site scripting (XSS) vulnerability in the convert_highlite_words function in Invision Blog before 1.1.2 Final allows remote attackers to inject arbitrary web script or HTML via double hex encoded highlight data.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.00441
Percentile: 0.62284

CVSS Scoring

Affected Products

• cpe:2.3:a:invision_power_services:invision_community_blog:1.0:*:*:*:*:*:*:*
• cpe:2.3:a:invision_power_services:invision_community_blog:1.1:*:*:*:*:*:*:*

← Back to Home