PHP-Fusion BBcode color Tag Arbitrary CSS Code Insertion

2005-07-20T09:03:26
ID OSVDB:18111
Type osvdb
Reporter Grindordie()
Modified 2005-07-20T09:03:26

Description

Vulnerability Description

PHP-Fusion contains a flaw that may allow a malicious user to manipulate the website content. The issue is triggered when a malicious user supplies malformed 'color' BBcode in a post. It is possible that the flaw may allow injecting arbitrary CSS (Cascading Style Sheets) code, resulting in a loss of integrity.
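The bug class described above, as an added example that is not PHP-Fusion's own code (the advisory does not show the affected source): a BBcode renderer that copies the 'color' value straight into a `style` attribute, beside one that accepts only a hex colour or a name from a fixed list. The function names, the list of colour names and the sample posts are assumptions made for illustration.

```php
<?php
// Added illustration; not PHP-Fusion source. All function names are hypothetical.

// Naive pattern: the colour value is "anything up to the closing bracket",
// so text after a ';' ends up inside the style attribute as extra CSS.
function render_color_naive(string $text): string
{
    $text = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    return preg_replace(
        '#\[color=([^\]]+)\](.*?)\[/color\]#si',
        '<span style="color:$1">$2</span>',
        $text
    );
}

// Hardened: the value must be a hex colour or one of a fixed set of names.
// Tags with any other value are left as literal (escaped) text.
function render_color_strict(string $text): string
{
    $named = ['black', 'white', 'red', 'green', 'blue', 'yellow',
              'orange', 'purple', 'gray', 'silver', 'maroon', 'navy'];
    $text = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    return preg_replace_callback(
        '#\[color=([^\]]+)\](.*?)\[/color\]#si',
        function (array $m) use ($named): string {
            $value = strtolower(trim($m[1]));
            $isHex = preg_match('/\A#(?:[0-9a-f]{3}|[0-9a-f]{6})\z/', $value) === 1;
            if ($isHex || in_array($value, $named, true)) {
                return '<span style="color:' . $value . '">' . $m[2] . '</span>';
            }
            return $m[0]; // unrecognised value: keep the tag as plain text
        },
        $text
    );
}

// Constructed sample posts (not taken from the advisory).
$samples = [
    '[color=red]warning[/color]',
    '[color=#00ff00]ok[/color]',
    '[color=red; font-size:40px]oversized[/color]',
];
foreach ($samples as $post) {
    echo "input : $post\n";
    echo "naive : " . render_color_naive($post) . "\n";
    echo "strict: " . render_color_strict($post) . "\n\n";
}
```

For the third sample the naive renderer emits the extra declaration inside the `style` attribute, while the strict renderer leaves the whole tag as escaped text.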

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://sourceforge.net/projects/php-fusion/
Vendor URL: http://www.php-fusion.co.uk
Secunia Advisory ID: 16096
CVE-2005-2401
Bugtraq ID: 14332