CVE-2006-0593 | Vulnerability Database | Aqua Security

Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 allows remote attackers to inject arbitrary web script or HTML via the (1) shout_name field in shoutbox_panel.php and the (2) comments field in comments_include.php.

Affected Software

Name	Vendor	Start Version	End Version
Php_fusion	Php_fusion	6.00.105	6.00.105
Php_fusion	Php_fusion	6.00.106	6.00.106
Php_fusion	Php_fusion	6.00.103	6.00.103
Php_fusion	Php_fusion	6.00.101	6.00.101
Php_fusion	Php_fusion	6.00.107	6.00.107
Php_fusion	Php_fusion	6.00.303	6.00.303
Php_fusion	Php_fusion	6.00.104	6.00.104
Php_fusion	Php_fusion	6.00.100	6.00.100
Php_fusion	Php_fusion	6.00.108	6.00.108
Php_fusion	Php_fusion	6.00.207	6.00.207
Php_fusion	Php_fusion	6.00.200	6.00.200
Php_fusion	Php_fusion	6.00.110	6.00.110
Php_fusion	Php_fusion	6.00.102	6.00.102
Php_fusion	Php_fusion	6.00.205	6.00.205
Php_fusion	Php_fusion	6.00.109	6.00.109
Php_fusion	Php_fusion	6.00.206	6.00.206
Php_fusion	Php_fusion	6.00.204	6.00.204
Php_fusion	Php_fusion	6.00.300	6.00.300

References

http://www.php-fusion.co.uk/news.php?readmore=307
http://www.php-fusion.co.uk/downloads.php?cat_id=3
http://www.osvdb.org/22980
http://www.osvdb.org/22981
http://secunia.com/advisories/18949
http://www.securityfocus.com/bid/16548
http://www.vupen.com/english/advisories/2006/0463
https://exchange.xforce.ibmcloud.com/vulnerabilities/24548

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-0593
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html