Summary
This host is installed with PHP-Fusion and is prone cross site scripting vulnerability.
Impact
Successful exploitation will allow attacker to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when the malicious data is being viewed.
Impact Level: Application
Solution
Apply the patch or upgrade to 7.02.05 or later,
For updates refer to http://www.php-fusion.co.uk/index.php
Insight
The flaw is due to input passed via the 'cat_id' parameter to 'downloads.php' is not properly sanitized before being it is returned to the user.
Affected
PHP-Fusion version 7.02.04
References
Severity
Classification
-
CVE CVE-2012-6043 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
- Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14
- Apache mod_proxy_ajp Information Disclosure Vulnerability
- Apache Tomcat SecurityConstraints Security Bypass Vulnerability
- Apache ActiveMQ 'Cron Jobs' Cross Site Scripting Vulnerability