Invision Power Board 3.0.5 stored Cross site

Test method:

The Program (method) provided on this site may be offensive and only used for security research and teaching. You are at your own risk! Product: Invision Power Board
Security-Risk: moderated
Remote-Exploit: yes
Vendor-URL: http://www.invisionpower.com
Vendor-Status: informed
Advisory-Status: published

Credits
================
Discovered by: David Vieira-Kurz
Http://www.majorsecurity.info/penetrationstest.php

Affected Products:
----------------------------
Invision Power Board 3.0.5 and prior

Introduction
================
Invision Power Board is a widely used forums script.

More Details
================
Input passed to the calendar app (which is one of the core modules inside invision power board) is not properly
Sanitised before being stored and returned to the user.
This can be exploited to execute arbitrary HTML and script code in a users browser session in context of an affected
Site.
The calendar can be shown on every page of the invision board, so that in fact this is a serous security issue.

Solution
==================
Web applications shocould never trust on user generated input and therefore sanatize all input.

MajorSecurity
======================
MajorSecurity is a German penetrationtesting and security research company which focuses
On web application security. We offer professional penetrationstest, security audits,
Source code reviews.