Description
Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin YARPP-Yet Another Related Posts Multiple Vulnerabilities (4.2.4)
WordPress Plugin SiteGround Security Security Bypass (1.2.5)
WordPress Plugin Total Security Multiple Unspecified Vulnerabilities (3.4.1)
Dot CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3688)