Description

Cross-site scripting (XSS) vulnerability in messages.php in PHP-Fusion 6.01.17 and 7.00.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

CVE-2008-6850

Related Vulnerabilities

Django Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-33203)

WordPress Plugin PowerPress Podcasting by Blubrry Cross-Site Scripting (6.0)

Perl Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-2827)

Oracle Database Server CVE-2010-4413 Vulnerability (CVE-2010-4413)

IBM RTC Cleartext Storage of Sensitive Information Vulnerability (CVE-2021-29786)

Severity

Medium

Classification

CVE-2008-6850 CWE-707

Tags

Missing Update Known Vulnerabilities