Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4516

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2005-4516
Last Modified 07 Mar 2011 09:28:25
Published 27 Dec 2005 08:03:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-4516

Summary

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion 6.00.200 through 6.00.300 allow remote attackers to inject arbitrary web script or HTML via (1) the sortby parameter in members.php and (2) IMG tags.

Vulnerable Systems

Application

  • Php Fusion 6.00.200

  • Php Fusion 6.00.204

  • Php Fusion 6.00.205

  • Php Fusion 6.00.206

  • Php Fusion 6.00.207

  • Php Fusion 6.00.300


References

SECUNIA - 18190

VUPEN - ADV-2005-3063

BID - 15931

BUGTRAQ - 20051222 XSS&Sql injection attack in PHP-Fusion 6.00.3 Released

OSVDB - 22050

OSVDB - 22048

SREASON - 272


Last Updated: 27 May 2016 10:41:20