Description

Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter.

Remediation

References

CVE-2012-6043

Related Vulnerabilities

WordPress Plugin YARPP-Yet Another Related Posts Multiple Vulnerabilities (4.2.4)

WordPress Plugin SiteGround Security Security Bypass (1.2.5)

WordPress Plugin Total Security Multiple Unspecified Vulnerabilities (3.4.1)

Dot CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3688)

WordPress Plugin All in One SEO-Best WordPress SEO-Easily Improve SEO Rankings & Increase Traffic Information Disclosure (2.2.5.1)

Severity

Medium

Classification

CVE-2012-6043 CWE-707

Tags

Missing Update Known Vulnerabilities