CVE-2004-1703

HIGH

Fusion News 3.6.1 - Cross-Site Request Forgery via BBCode Image Tag

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1703. PoCs published by Joseph Moniz.

AI-analyzed exploit summary: The provided text describes a vulnerability in Fusion News where an attacker can craft a malicious URI to execute administrative commands via XSS when activated by an admin. No actual exploit code is present, only a description and example URI.

Description

Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Joseph Moniz · text · webapps · php
https://www.exploit-db.com/exploits/24341

Classification

Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: Fusion News 3.6.1 and prior
No auth needed
Prerequisites: Victim must be an administrator and interact with the malicious URI
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026

References (4)

Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=109122824523226&w=2
Broken Link, Exploit, Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10836
Broken Link, Exploit, Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1010829
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16853

Scores

CVSS v3 8.8
EPSS 0.0196
EPSS Percentile 77.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE CWE-352
Status published
Products (1)
fusionphp/fusion_news 3.6.1
Published Jul 30, 2004
Tracked Since Feb 18, 2026