In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. The protection mechanism can be bypassed by using HTML event handlers such as ontoggle.
CPE | Name | Operator | Version |
---|---|---|---|
php-fusion | eq | 9.03.50 |