Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 allows remote attackers to inject arbitrary web script or HTML via the (1) shout_name field in shoutbox_panel.php and the (2) comments field in comments_include.php.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Php_fusion | Php_fusion | 6.00.100 (including) | 6.00.100 (including) |
| Php_fusion | Php_fusion | 6.00.101 (including) | 6.00.101 (including) |
| Php_fusion | Php_fusion | 6.00.102 (including) | 6.00.102 (including) |
| Php_fusion | Php_fusion | 6.00.103 (including) | 6.00.103 (including) |
| Php_fusion | Php_fusion | 6.00.104 (including) | 6.00.104 (including) |
| Php_fusion | Php_fusion | 6.00.105 (including) | 6.00.105 (including) |
| Php_fusion | Php_fusion | 6.00.106 (including) | 6.00.106 (including) |
| Php_fusion | Php_fusion | 6.00.107 (including) | 6.00.107 (including) |
| Php_fusion | Php_fusion | 6.00.108 (including) | 6.00.108 (including) |
| Php_fusion | Php_fusion | 6.00.109 (including) | 6.00.109 (including) |
| Php_fusion | Php_fusion | 6.00.110 (including) | 6.00.110 (including) |
| Php_fusion | Php_fusion | 6.00.200 (including) | 6.00.200 (including) |
| Php_fusion | Php_fusion | 6.00.204 (including) | 6.00.204 (including) |
| Php_fusion | Php_fusion | 6.00.205 (including) | 6.00.205 (including) |
| Php_fusion | Php_fusion | 6.00.206 (including) | 6.00.206 (including) |
| Php_fusion | Php_fusion | 6.00.207 (including) | 6.00.207 (including) |
| Php_fusion | Php_fusion | 6.00.300 (including) | 6.00.300 (including) |
| Php_fusion | Php_fusion | 6.00.303 (including) | 6.00.303 (including) |