PHP-Fusion homepage address Parameter XSS

This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.

Synopsis :

The remote web server hosts a PHP script that is prone to
cross-site scripting attacks.

Description :

A vulnerability exists in the version of PHP-Fusion installed on the
remote host that could allow an attacker to perform a cross-site
scripting attack and execute arbitrary HTML and script code in the
context of the user's browser.

Solution :

Apply the patch for 4.01.

Risk factor :

Medium / CVSS Base Score : 4.3

Family: CGI abuses : XSS

Nessus Plugin ID: 15392 ()

Bugtraq ID:


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now