CVE-2004-1703
HIGHFusion News 3.6.1 - Cross-Site Request Forgery via BBCode Image Tag
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2004-1703. PoCs published by Joseph Moniz.
AI-analyzed exploit summary The provided text describes a vulnerability in Fusion News where an attacker can craft a malicious URI to execute administrative commands via XSS when activated by an admin. No actual exploit code is present, only a description and example URI.
Description
Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag.
Exploits (1)
The provided text describes a vulnerability in Fusion News where an attacker can craft a malicious URI to execute administrative commands via XSS when activated by an admin. No actual exploit code is present, only a description and example URI.
References (4)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H