Vulnerabilities > CVE-2006-3555 - Unspecified vulnerability in PHP Fusion PHP Fusion

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

php-fusion

NVD

Published: 2006-07-13

Updated: 2024-11-21

Summary

Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PHP-Fusion before 6.01.3 allow remote attackers to inject arbitrary web script or HTML by using edit_profile.php to upload a (1) avatar or (2) forum image attachment that has a .gif or .jpg extension, and begins with a GIF header followed by JavaScript code, which is executed by Internet Explorer.

Vulnerable Configurations

Part	Description	Count
Application	Php_Fusion PHP Fusion PHP Fusion 6.00.307 PHP Fusion PHP Fusion 6.0.105 PHP Fusion PHP Fusion 6.00.105 PHP Fusion PHP Fusion 6.00.106 PHP Fusion PHP Fusion 6.00.103 PHP Fusion PHP Fusion 6.00.101 PHP Fusion PHP Fusion 6.0.106 PHP Fusion PHP Fusion 6.00.107 PHP Fusion PHP Fusion 6.00.303 PHP Fusion PHP Fusion 6.00.3 PHP Fusion PHP Fusion 6.00.104 PHP Fusion PHP Fusion 6.01.2 PHP Fusion PHP Fusion 6.00.100 PHP Fusion PHP Fusion 6.00.108 PHP Fusion PHP Fusion 6.00.207 PHP Fusion PHP Fusion 6.00.306 PHP Fusion PHP Fusion 6.00.304 PHP Fusion PHP Fusion 6.00.200 PHP Fusion PHP Fusion 6.00.110 PHP Fusion PHP Fusion 6.0.107 PHP Fusion PHP Fusion 6.00.102 PHP Fusion PHP Fusion 6.00.205 PHP Fusion PHP Fusion 6.00.109 PHP Fusion PHP Fusion 6.00.206 PHP Fusion PHP Fusion 6.00.204 PHP Fusion PHP Fusion 6.00.300	26

Summary

Vulnerable Configurations

References