CVE-2007-3559

Published: Jul 4, 2007Modified: Apr 23, 2026

3.5

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability: 6.8 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FUSION_QUERY constant.

Affected (2)

Products: Php Fusion: Php Fusion

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Php Fusion Php Fusion	Version 6.01.10
Php Fusion Php Fusion	Version 6.01.9

References (10)

http://osvdb.org/36342

Source: cve@mitre.org

http://secunia.com/advisories/25907

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/24733

Source: cve@mitre.org

http://www.xssed.com/advisory/60/PHP-FUSION_FUSION_QUERY_Cross-Site_Scripting_Vulnerability/

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/35225

Source: cve@mitre.org

http://osvdb.org/36342

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/25907

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/24733

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.xssed.com/advisory/60/PHP-FUSION_FUSION_QUERY_Cross-Site_Scripting_Vulnerability/

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/35225

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.