PHP-Fusion infusions/shoutbox_panel/shoutbox_panel.php FUSION_QUERY Variable XSS

2007-07-02T17:22:45
ID OSVDB:36342
Type osvdb
Reporter nights_shadow()
Modified 2007-07-02T17:22:45

Description

Manual Testing Notes

profile.php?lookup=1&'onmouseover=window.location.href='http://[target]

References:

Secunia Advisory ID:25907 Other Advisory URL: http://www.xssed.com/advisory/60/PHP-FUSION_FUSION_QUERY_Cross-Site_Scripting_Vulnerability/ ISS X-Force ID: 35225 CVE-2007-3559 Bugtraq ID: 24733