2 matches found
CVE-2020-23179
A stored cross site scripting XSS vulnerability in administration/settingsmain.php of PHP-Fusion 9.03.50 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Site footer" field...
CVE-2005-4655
Cross-site scripting XSS vulnerability in submit.php in PHP-Fusion 6.0.204 allows remote attackers to inject arbitrary web script or HTML via nested tags in the newsbody parameter, as demonstrated by elements such as "ta" and "ript"...