Description
In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. The protection mechanism can be bypassed by using HTML event handlers such as ontoggle.
Remediation
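As an added defensive illustration (not code from PHP-Fusion, and written in Python rather than the project's PHP), the block below contrasts the failing pattern the advisory describes with the fix: a hypothetical denylist filter that knows a handful of handler names lets an `ontoggle` attribute through, while an allowlist sanitizer rejects every `on*` attribute by construction and keeps only listed tags and attributes. The sample comment is constructed.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample of the input class the advisory describes: comment markup
# carrying an HTML event-handler attribute (ontoggle) rather than a <script> tag.
SAMPLE_COMMENT = '<p>Nice post</p><details open ontoggle="x()">toggle me</details>'

# Denylist filter (hypothetical stand-in for the bypassed protection): it strips
# only the handler names it has heard of, so any other on* attribute survives.
DENYLISTED_HANDLERS = ("onclick", "onload", "onerror", "onmouseover")

def denylist_filter(markup: str) -> str:
    for name in DENYLISTED_HANDLERS:
        pattern = rf'\s{name}\s*=\s*("[^"]*"|\'[^\']*\'|[^\s>]+)'
        markup = re.sub(pattern, "", markup, flags=re.I)
    return markup

# Allowlist sanitizer: unknown tags are dropped, every on* attribute is rejected
# regardless of its name, and only explicitly listed attributes are kept.
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "a", "br"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_URL_SCHEMES = ("http://", "https://", "mailto:")

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # tag dropped; its text content is still emitted, escaped
        kept = []
        for name, value in attrs:  # parser lowercases tag and attribute names
            if name.startswith("on") or name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            if name == "href" and not (value or "").strip().lower().startswith(SAFE_URL_SCHEMES):
                continue
            kept.append(f' {name}="{html.escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))  # re-escape decoded text

def sanitize(markup: str) -> str:
    parser = AllowlistSanitizer()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)
```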
References