CVE-2006-3555
Multiple cross-site scripting XSS vulnerabilities in submit.php in PHP-Fusion before 6.01.3 allow remote attackers to inject arbitrary web script or HTML by using editprofile.php to upload a 1 avatar or 2 forum image attachment that has a .gif or .jpg extension, and begins with a GIF header...