PT-2007-4817 · Php Fusion · Php-Fusion
Nights_Shadow · Published 2007-07-04 · Updated 2017-07-29 · CVE-2007-3559
CVSS v2.0: 3.5 (Low)
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
PHP-Fusion versions 6.01.9 through 6.01.10
Description
A cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script or HTML via the URI when guest posts are enabled. The issue is related to the FUSION_QUERY constant.
Recommendations
For PHP-Fusion versions 6.01.9 through 6.01.10, consider disabling guest posts in the shoutbox panel to minimize the risk of exploitation until a patch is available. Restrict access to the infusions/shoutbox_panel/shoutbox_panel.php file to prevent malicious injections.
Fix
Related Identifiers
Affected Products
Php-Fusion