Description
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion 6.00.200 through 6.00.300 allow remote attackers to inject arbitrary web script or HTML via (1) the sortby parameter in members.php and (2) IMG tags.
Exploits (1)
References (7)
Core 7
Core References
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/3063
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/22050
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/22048
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/272
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15931
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18190/
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/420109/100/0/threaded
Scores
EPSS
0.0710
EPSS Percentile
91.6%
Details
Status
published
Products (6)
php_fusion/php_fusion
6.00.200
php_fusion/php_fusion
6.00.204
php_fusion/php_fusion
6.00.205
php_fusion/php_fusion
6.00.206
php_fusion/php_fusion
6.00.207
php_fusion/php_fusion
6.00.300
Published
Dec 28, 2005
Tracked Since
Feb 18, 2026