Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2006-3555

Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PHP-Fusion before 6.01.3 allow remote attackers to inject arbitrary web script or HTML by using edit_profile.php to upload a (1) avatar or (2) forum image attachment that has a .gif or .jpg extension, and begins with a GIF header followed by JavaScript code, which is executed by Internet Explorer.

  • Published: Jul 13, 2006
  • Updated: Apr 13, 2023
  • CVE: CVE-2006-3555
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 5.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:N

No CWE or OWASP classifications available.

Software From Fixed in
php_fusion / php_fusion 6.00.307 6.00.307.x
php_fusion / php_fusion 6.0.105 6.0.105.x
php_fusion / php_fusion 6.00.105 6.00.105.x
php_fusion / php_fusion 6.00.106 6.00.106.x
php_fusion / php_fusion 6.00.103 6.00.103.x
php_fusion / php_fusion 6.00.101 6.00.101.x
php_fusion / php_fusion 6.0.106 6.0.106.x
php_fusion / php_fusion 6.00.107 6.00.107.x
php_fusion / php_fusion 6.00.303 6.00.303.x
php_fusion / php_fusion 6.00.3 6.00.3.x
php_fusion / php_fusion 6.00.104 6.00.104.x
php_fusion / php_fusion 6.01.2 6.01.2.x
php_fusion / php_fusion 6.00.100 6.00.100.x
php_fusion / php_fusion 6.00.108 6.00.108.x
php_fusion / php_fusion 6.00.207 6.00.207.x
php_fusion / php_fusion 6.00.306 6.00.306.x
php_fusion / php_fusion 6.00.304 6.00.304.x
php_fusion / php_fusion 6.00.200 6.00.200.x
php_fusion / php_fusion 6.00.110 6.00.110.x
php_fusion / php_fusion 6.0.107 6.0.107.x
php_fusion / php_fusion 6.00.102 6.00.102.x
php_fusion / php_fusion 6.00.205 6.00.205.x
php_fusion / php_fusion 6.00.109 6.00.109.x
php_fusion / php_fusion 6.00.206 6.00.206.x
php_fusion / php_fusion 6.00.204 6.00.204.x
php_fusion / php_fusion 6.00.300 6.00.300.x