VYPR
← All advisories
Unrated severityNVD Advisory· Published Jul 13, 2006· Updated Apr 16, 2026

CVE-2006-3555

CVE-2006-3555

Description

Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PHP-Fusion before 6.01.3 allow remote attackers to inject arbitrary web script or HTML by using edit_profile.php to upload a (1) avatar or (2) forum image attachment that has a .gif or .jpg extension, and begins with a GIF header followed by JavaScript code, which is executed by Internet Explorer.

Affected products

26
  • PHP-Fusion/PHP Fusion26 versions
    cpe:2.3:a:php_fusion:php_fusion:6.00.100:*:*:*:*:*:*:*+ 25 more
    • cpe:2.3:a:php_fusion:php_fusion:6.00.100:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.101:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.102:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.103:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.104:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.105:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.106:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.107:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.108:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.109:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.110:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.200:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.204:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.205:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.206:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.207:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.3:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.300:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.303:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.304:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.306:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.00.307:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.0.105:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.0.106:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.0.107:*:*:*:*:*:*:*
    • cpe:2.3:a:php_fusion:php_fusion:6.01.2:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

7

News mentions

0

No linked articles in our index yet.