Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0593

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2006-0593
Last Modified 07 Mar 2011 09:30:25
Published 07 Feb 2006 08:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-0593

Summary

Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 allows remote attackers to inject arbitrary web script or HTML via the (1) shout_name field in shoutbox_panel.php and the (2) comments field in comments_include.php.

Vulnerable Systems

Application

  • Php Fusion 6.00.100

  • Php Fusion 6.00.101

  • Php Fusion 6.00.102

  • Php Fusion 6.00.103

  • Php Fusion 6.00.104

  • Php Fusion 6.00.105

  • Php Fusion 6.00.106

  • Php Fusion 6.00.107

  • Php Fusion 6.00.108

  • Php Fusion 6.00.109

  • Php Fusion 6.00.110

  • Php Fusion 6.00.200

  • Php Fusion 6.00.204

  • Php Fusion 6.00.205

  • Php Fusion 6.00.206

  • Php Fusion 6.00.207

  • Php Fusion 6.00.300

  • Php Fusion 6.00.303


References

VUPEN - ADV-2006-0463

CONFIRM - http://www.php-fusion.co.uk/news.php?readmore=307

XF - phpfusion-multiple-xss(24548)

BID - 16548

CONFIRM - http://www.php-fusion.co.uk/downloads.php?cat_id=3

OSVDB - 22981

OSVDB - 22980

SECUNIA - 18949


Last Updated: 27 May 2016 10:41:43