PHP-Fusion.Cross-Site.Scripting.Vulnerability

description-logoDescription

PHP-Fusion is an open source content management software available in various platform.
The application is vulnerable to a cross-site scripting attack due to a insufficient data validation while processing "Subject" test area field in contact.php.

affected-products-logoAffected Products

PHP-Fusion Versions 6.00.306 and before

Impact logoImpact

The vulnerable system can be compromised and has a risk of arbitrary code execution.

recomended-action-logoRecommended Actions

Please update to the latest version of PHP-Fusion.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)