Description
Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter.
Remediation
References
Related Vulnerabilities
MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-35197)
WordPress Plugin SendPress Newsletters Multiple Vulnerabilities (1.1.7.21)
Oracle Database Server Other Vulnerability (CVE-2007-0277)
MySQL CVE-2017-3454 Vulnerability (CVE-2017-3454)
Resin Application Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-2966)