|
|
CVE Reference: CVE-2006-3555 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-3555 |
|
|
Description: Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PHP-Fusion before 6.01.3 allow remote attackers to inject arbitrary web script or HTML by using edit_profile.php to upload a (1) avatar or (2) forum image attachment that has a .gif or .jpg extension, and begins with a GIF header followed by JavaScript code, which is executed by Internet Explorer. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/27537 SREASON http://securityreason.com/securityalert/1224 SAID Secunia Advisory: SA20904 CONFIRM http://php-fusion.co.uk/news.php BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/438938/100/0/threaded BID 18787 |
|
| Return to the previous page. |
