PT-2005-1732 · Php Fusion · Php-Fusion

Firest0Rm · Published 2005-03-06 · Updated 2016-10-18 · CVE-2005-0692

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

PHP-Fusion versions 5.x

Description

A cross-site scripting (XSS) issue exists that allows remote attackers to inject arbitrary web script or HTML via a message with IMG bbcode containing character-encoded JavaScript. The issue is in the fusion_core.php file.

Recommendations

For PHP-Fusion version 5.x, update to a version that includes a fix for this issue, because character-encoded JavaScript in IMG bbcode can lead to XSS attacks. As a temporary workaround, consider restricting the use of IMG bbcode in messages to minimize the risk of exploitation.
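
The class of fix the recommendation points to, shown as an added example that is not PHP-Fusion's own code or its actual patch: the IMG bbcode URL is decoded until stable and then checked against an allow-list of schemes before any markup is emitted. The function names safe_img_url and render_img_bbcode and the sample messages are assumptions made for illustration.

```php
<?php
// Added example, not PHP-Fusion code. Function names are hypothetical.
// Returns the URL if it is a plain http(s) URL once fully decoded, else null.
function safe_img_url(string $raw): ?string
{
    // Decode character references until stable, so an encoded scheme
    // is judged in the form the browser would finally see.
    $url = $raw;
    do {
        $prev = $url;
        $url = html_entity_decode($prev, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    } while ($url !== $prev);

    // Reject control characters, whitespace, quotes and angle brackets.
    if (preg_match('/[\x00-\x20\x7f"\'<>`]/', $url)) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    $scheme = strtolower($parts['scheme']);
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

function render_img_bbcode(string $message): string
{
    // Escape everything first; only validated URLs become markup.
    $escaped = htmlspecialchars($message, ENT_QUOTES, 'UTF-8');
    return preg_replace_callback(
        '#\[img\](.*?)\[/img\]#is',
        function (array $m): string {
            $url = safe_img_url($m[1]);
            if ($url === null) {
                return $m[0]; // rejected tag stays as inert escaped text
            }
            return '<img src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" alt="">';
        },
        $escaped
    );
}

// Constructed sample messages (not taken from the advisory).
foreach ([
    '[img]https://example.com/cat.png[/img]',
    '[img]&#106;avascript:void(0)[/img]',
] as $sample) {
    echo render_img_bbcode($sample), PHP_EOL;
}
```

The first sample is rendered as an img element; the second is left as escaped text because its decoded scheme is not on the allow-list.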

Fix


Related identifiers

CVE-2005-0692

Affected products

Php-Fusion