Detections
Analytics

PHP-Fusion forum/viewthread.php highlight Parameter XSS

medium Nessus Plugin ID 65616

Language:

Synopsis

The remote web server hosts a PHP script that is affected by a cross-site scripting vulnerability.

Description

The version of PHP-Fusion installed on the remote host is affected by a cross-site scripting vulnerability because it fails to properly sanitize user input to the 'highlight' parameter of the 'forum/viewthread.php' script. An unauthenticated, remote attacker may be able to leverage this to inject arbitrary HTML and script code into a user's browser to be executed within the security context of the affected site.

Note that successful exploitation requires that at least one forum thread exists on the target install.

Additionally, this version is also reportedly affected by SQL injection, additional cross-site scripting, and local file inclusion vulnerabilities as well as an information disclosure issue and an arbitrary file deletion issue; however, Nessus did not test for these additional issues.

Solution

There is currently no known solution. Version 7.02.06 reportedly addresses multiple vulnerabilities; however, Tenable has confirmed the cross-site scripting vulnerability in 'viewthread.php' in the 7.02.06 version.

See Also

http://www.waraxe.us/advisory-97.html

https://www.php-fusion.co.uk/infusions/news/news.php?readmore=569

Plugin Details

Severity: Medium

ID: 65616

File Name: php_fusion_viewthread_highlight_xss.nasl

Version: 1.7

Type: remote

Published: 3/19/2013

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:php_fusion:php_fusion

Required KB Items: www/PHP, www/php_fusion

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2/27/2013

Reference Information

BID: 58226

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990