Php-fusion PHP-Fusion 跨站脚本漏洞

PHP-Fusion is a lightweight open source content management system. A reflective cross-site scripting vulnerability exists in /administration/theme.php in PHP-Fusion version 9.03.60, which can be exploited to execute arbitrary web script or HTML via the "Manage Theme" field...

SA-CONTRIB-2009-099 - RootCandy Theme - Cross Site Scripting

RootCandy is a theme specifically designed for use in the administration section. The theme fails to sanitize a URL value, leading to a Cross Site Scripting XSS vulnerability. Versions affected RootCandy theme for Drupal 6.x prior to RootCandy 6.x-1.5 Drupal core is not affected. If you do not us...