Family: CGI abuses : XSS --> Category: infos
PHP-Fusion BBCode URL Tag Script Injection Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for BBCode url tag script injection vulnerability in PHP-Fusion
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that is prone to cross-
site scripting attacks.
According to its version number, the remote host is running a version
of PHP-Fusion that reportedly does not sufficiently sanitize input
passed in nested 'url' BBcode tags before using it in a post. An
attacker may be able to exploit this flaw to cause arbitrary script
and HTML code to be executed in the context of a user's browser when
he/she views the malicious BBcode on the remote host.
See also :
Upgrade to PHP-Fusion 6.00.108 or later.
Low / CVSS Base Score : 2
Click HERE for more information and discussions on this network vulnerability scan.