Required CVE Record Information
Description
Cross-site scripting (XSS) vulnerability in submit.php in PHP-Fusion 6.0.204 allows remote attackers to inject arbitrary web script or HTML via nested tags in the news_body parameter, as demonstrated by elements such as "<me<meta>ta" and "<sc<script>ript>".
References 4 Total
- vupen.com: ADV-2005-2192 vdb-entry
- securityreason.com: 106 third-party-advisory
- secunia.com: 17312 third-party-advisory
- archives.neohapsis.com: 20051024 Possible Bug in PHP-Fusion 6.0.204 mailing-list
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 4 Total
- vupen.com: ADV-2005-2192 vdb-entryx_transferred
- securityreason.com: 106 third-party-advisoryx_transferred
- secunia.com: 17312 third-party-advisoryx_transferred
- archives.neohapsis.com: 20051024 Possible Bug in PHP-Fusion 6.0.204 mailing-listx_transferred