Description

Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FUSION_QUERY constant.

Remediation

References

CVE-2007-3559

Related Vulnerabilities

Oracle JRE CVE-2013-1485 Vulnerability (CVE-2013-1485)

Ruby Numeric Errors Vulnerability (CVE-2008-2726)

TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5747)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7853)

WordPress Plugin PitchPrint Arbitrary File Upload (7.1.1)

Severity

Low

Classification

CVE-2007-3559

Tags

Missing Update Known Vulnerabilities