Invision Power Services (IPS) has released security patches for IP.Board 3.3.x, IP.Board 3.4.x and IP.Nexus 1.5.x. The patches fix three file inclusion issues and a cross-site scripting (XSS) vulnerability.
The file inclusion flaw can be exploited on certain PHP configurations through some of the files designed to run from the command line. An expert who uses the online moniker "sijad" privately reported the issue to IPS.
As far as the XSS vulnerability is concerned, it appears that an att…