CVE-2013-1804
PHP-Fusion prior to 7.02.06 contains multiple XSS vulnerabilities enabling an attacker to inject arbitrary scripts via numerous parameters (e.g., forum/viewthread.php highlight, messages.php user_list/user_types, shoutbox_admin.php message, administration/news.php message, administration/panel_ed...