Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

PHP-Fusion < 5.01 BBcode IMG Tag XSS

Medium

Synopsis

The remote host is vulnerable to an HTML injection attack.

Description

The remote host is running a version of PHP-Fusion which is vulnerable to a script injection flaw. The 'fusion_core.php' script is reportedly vulnerable to an attack where an attacker can inject HTML and script code through the 'BBCode IMG' tag. An attacker exploiting this flaw would create a malicious URI link and then convince an unsuspecting user to click on the link. A successful attack would yield potentially confidential data (cookies, credentials) as well as potentially execute malicious code within the context of the vulnerable server.

Solution

Upgrade to version 5.01 or higher.