Description
applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter.
Remediation
References
Related Vulnerabilities
MySQL CVE-2019-2688 Vulnerability (CVE-2019-2688)
Drupal Core 7.x Cross-Site Scripting (7.0 - 7.64)
WordPress Plugin WP eCommerce 'cart_messages[]' Parameter Cross-Site Scripting (3.8.6)
Oracle Database Server Other Vulnerability (CVE-2005-3440)
WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors Cross-Site Scripting (2.3.1)