Description
Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the cat_id parameter to downloads/downloads.php or article.php. NOTE: this might overlap CVE-2012-6043.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Books Gallery Unspecified Vulnerability (4.4.1)
PHP Use of Externally-Controlled Format String Vulnerability (CVE-2010-2950)
WordPress Plugin Easy Registration Forms Unspecified Vulnerability (1.8.4)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3412)