PT-2005-3016 · Php Fusion · Php-Fusion

Published: 2005-06-29 · Updated: 2024-02-14 · CVE-2005-2074

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: PHP-Fusion version 6.0.105
Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a news or article post. The vulnerability possibly involves the news body, article description, or article body parameters to the "submit.php" endpoint.
Recommendations: For PHP-Fusion version 6.0.105, as a temporary workaround, consider restricting access to the submit.php endpoint until a patch is available. Avoid using the news body, article description, or article body parameters in the submit.php endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers: CVE-2005-2074
Affected Products: Php-Fusion