2 matches found
Cross site scripting
Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the catid parameter to downloads/downloads.php or article.php. NOTE: this might overlap CVE-2012-6043...
CVE-2012-6043
CVE-2012-6043 describes a cross-site scripting (XSS) vulnerability in PHP-Fusion 7.02.04. The flaw resides in downloads.php, where the cat_id parameter can be exploited to inject arbitrary web script or HTML. Affected software/changelog details: PHP-Fusion 7.02.04; vulnerability type: XSS; vector...