Description

Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FUSION_QUERY constant.

Remediation

References

CVE-2007-3559

Related Vulnerabilities

WordPress Plugin SpiderCatalog 's_p_c_t' Parameter Multiple Cross-Site Scripting Vulnerabilities (1.1)

MySQL CVE-2024-21090 Vulnerability (CVE-2024-21090)

WordPress Plugin BuddyPress Cover Arbitrary File Upload (2.1.4.2)

WordPress Plugin The Crawl Rate Tracker 'sbtracking-chart-data.php' SQL Injection (2.0.2)

Apache Tomcat URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-41080)

Severity

Low

Classification

CVE-2007-3559

Tags

Missing Update Known Vulnerabilities