Description

Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter.

Remediation

References

CVE-2012-6043

Related Vulnerabilities

Internet Information Services Other Vulnerability (CVE-2000-0226)

Oracle JRE CVE-2012-1532 Vulnerability (CVE-2012-1532)

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8904)

WordPress Plugin Brizy-Page Builder Multiple Vulnerabilities (2.4.43)

WordPress Plugin Multiple Domain Cross-Site Scripting (1.0.2)

Severity

Medium

Classification

CVE-2012-6043 CWE-707

Tags

Missing Update Known Vulnerabilities