Invision Power Board is available under a yearly and lifetime purchase option for both personal and commercial use, no catches, no "spyware", no hidden costs anywhere. The Vulnerabillity is Cross Site Scripting. The vulnerable form fields are "c","f","showtopic","showuser","username". If an attacker will request the following url from the server. Enjoy!