Description
A stored cross site scripting (XSS) vulnerability in /administration/settings_registration.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Registration" field.
Remediation
References
Related Vulnerabilities
PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-32028)
WordPress Plugin Easy PayPal Buy Now Button Multiple Vulnerabilities (1.7.2)
WordPress Plugin Marekkis Watermark Cross-Site Scripting (0.9.1)
Oracle JRE CVE-2013-2468 Vulnerability (CVE-2013-2468)
WordPress Plugin Affiliate Power-Sales Tracking for Affiliate Marketers Cross-Site Scripting (2.2.0)