Description
Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter.
Exploits (1)
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72311
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/51365
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.org/files/view/108542/phpfusion70204-xss.txt
Scores
EPSS
0.0079
EPSS Percentile
74.1%
Details
CWE
CWE-79
Status
published
Products (1)
php-fusion/php-fusion
7.02.04
Published
Nov 26, 2012
Tracked Since
Feb 18, 2026