Php Fusion · Php-Fusion · CVE-2005-0692
**Name of the Vulnerable Software and Affected Versions**
PHP-Fusion versions 5.x
**Description**
A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via a message with IMG bbcode containing character-encoded JavaScript. The flaw is in the fusion_core.php file.
**Recommendations**
For PHP-Fusion 5.x, update to a version that includes a fix for this issue, because character-encoded JavaScript in IMG bbcode can lead to XSS attacks. As a temporary workaround, consider restricting the use of IMG bbcode in messages to minimize the risk of exploitation.
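
The following is an added example, not PHP-Fusion's code or its actual fix: it contrasts a literal-string blocklist, which character encoding slips past, with an allowlist validator for IMG bbcode URLs. All function names and the sample messages are assumptions constructed for illustration.

```php
<?php
// Added example; not PHP-Fusion code. All function names are hypothetical.

// Blocklist check of the kind that character encoding defeats: it looks for
// the literal scheme, so an entity-encoded scheme passes unnoticed.
function naive_img_ok(string $url): bool
{
    return stripos($url, 'javascript:') === false;
}

// Allowlist check: plain http(s) URL ending in an image extension. '&', '#',
// ';', quotes, whitespace and control bytes are outside the permitted
// character set, so character references cannot appear in an accepted URL.
function strict_img_ok(string $url): bool
{
    $pattern = '#\Ahttps?://[a-z0-9.-]+(?::\d{1,5})?(?:/[a-z0-9._-]+)+\.(?:gif|jpe?g|png)\z#i';
    return preg_match($pattern, $url) === 1;
}

// Escape the whole message first, then turn only validated [img] tags into
// markup. Rejected tags stay in the output as inert, escaped text.
function render_img_bbcode(string $message): string
{
    $escaped = htmlspecialchars($message, ENT_QUOTES, 'UTF-8');
    $out = preg_replace_callback(
        '#\[img\](.*?)\[/img\]#is',
        function (array $m): string {
            return strict_img_ok($m[1]) ? '<img src="' . $m[1] . '" alt="">' : $m[0];
        },
        $escaped
    );
    return $out ?? $escaped; // fall back to escaped text if the regex engine fails
}

// Constructed sample messages: one ordinary image, one entity-encoded scheme.
$samples = [
    '[img]https://example.org/pics/logo.png[/img]',
    '[img]&#106;avascript:void(0)[/img]',
];
foreach ($samples as $message) {
    $url = substr($message, 5, -6); // text between [img] and [/img]
    printf(
        "naive=%s strict=%s -> %s\n",
        var_export(naive_img_ok($url), true),
        var_export(strict_img_ok($url), true),
        render_img_bbcode($message)
    );
}
```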