Description
Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter.
Remediation
References
Related Vulnerabilities
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-8810)
WordPress Plugin SMTP Mail Cross-Site Scripting (1.1.14)
WordPress Plugin Companion Auto Update Cross-Site Scripting (2.9.3)
WordPress Plugin InfiniteWP Client PHP Object Injection (1.6.0)
XOOPS Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-0613)