PHP-Fusion homepage address Parameter XSS

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote web server hosts a PHP script that is prone to
cross-site scripting attacks.

Description :

A vulnerability exists in the version of PHP-Fusion installed on the
remote host that could allow an attacker to perform a cross-site
scripting attack and execute arbitrary HTML and script code in the
context of the user's browser.

Solution :

Apply the patch for 4.01.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: CGI abuses : XSS

Nessus Plugin ID: 15392 ()

Bugtraq ID:

CVE ID: