FusionPHP Fusion News Cross-Site Scripting Vulnerability
BID:10203
Info
FusionPHP Fusion News Cross-Site Scripting Vulnerability
| Bugtraq ID: | 10203 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 23 2004 12:00AM |
| Updated: | Apr 23 2004 12:00AM |
| Credit: | Discovery of this issue is credited to DarkBicho <[email protected]>. |
| Vulnerable: |
Fusionphp Fusion News 3.6.1 |
| Not Vulnerable: | |
Discussion
FusionPHP Fusion News Cross-Site Scripting Vulnerability
An attacker may be capable of executing arbitrary script code in a browser of a target user and within the context of a visited web site. This may potentially lead to theft of cookie based authentication credentials, other attacks are also possible.
An attacker may be capable of executing arbitrary script code in a browser of a target user and within the context of a visited web site. This may potentially lead to theft of cookie based authentication credentials, other attacks are also possible.
Exploit / POC
FusionPHP Fusion News Cross-Site Scripting Vulnerability
No exploit is required to leverage this issue. The following proof of concept has been provided:
http://www.example.com/fullnews.php?id=<script>alert(document.cookie);</script>
No exploit is required to leverage this issue. The following proof of concept has been provided:
http://www.example.com/fullnews.php?id=<script>alert(document.cookie);</script>
Solution / Fix
FusionPHP Fusion News Cross-Site Scripting Vulnerability
Solution:
It has been reported that a patch is available from FusionPHP. Users are recommended to contact the vendor directly in order to obtain a fix.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
It has been reported that a patch is available from FusionPHP. Users are recommended to contact the vendor directly in order to obtain a fix.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
FusionPHP Fusion News Cross-Site Scripting Vulnerability
References:
References:
- Fusion News Cross-Site Scripting Advisory (DarkBicho)