This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
The remote web server hosts a PHP script that is prone to
cross-site scripting attacks.
According to its version number, the remote host is running a version
of PHP-Fusion that reportedly does not sufficiently sanitize input
passed in nested 'url' BBcode tags before using it in a post. An
attacker may be able to exploit this flaw to cause arbitrary script
and HTML code to be executed in the context of a user's browser when
viewing the malicious BBcode on the remote host.
See also :
Upgrade to PHP-Fusion 6.00.108 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 4.3
Public Exploit Available : true