VYPR
← All advisories
Unrated severityNVD Advisory· Published Feb 8, 2006· Updated Apr 16, 2026

CVE-2006-0593

CVE-2006-0593

Description

Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 allows remote attackers to inject arbitrary web script or HTML via the (1) shout_name field in shoutbox_panel.php and the (2) comments field in comments_include.php.

Affected products

18
  • PHP-Fusion/PHP Fusion18 versions
    cpe:2.3:a:php_fusion:php_fusion:6.00.100:*:*:*:*:*:*:*+ 17 more
    • cpe:2.3:a:php_fusion:php_fusion:6.00.100:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.101:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.102:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.103:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.104:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.105:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.106:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.107:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.108:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.109:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.110:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.200:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.204:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.205:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.206:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.207:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.300:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.303:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

8

News mentions

0

No linked articles in our index yet.