Strix
26.1K

CVE-2006-3555

UnknownEPSS 1.32%

Last modified

CVE-2006-3555 is a vulnerability of currently unknown severity. Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PHP-Fusion before 6.01.3 allow remote attackers to inject arbitrary web script or HTML by using edit_profile.php to upload a (1) avatar or (2) forum image attachment that has a .gif or .jpg extension, and begins with a GIF header followed by JavaScript code, which is executed by Internet Explorer.. EPSS estimates a 1.32% chance of exploitation in the next 30 days.

Description

Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PHP-Fusion before 6.01.3 allow remote attackers to inject arbitrary web script or HTML by using edit_profile.php to upload a (1) avatar or (2) forum image attachment that has a .gif or .jpg extension, and begins with a GIF header followed by JavaScript code, which is executed by Internet Explorer.

Metrics

EPSS Probability
1.32%

67.2th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
Php FusionPhp Fusion6.00.3
Php FusionPhp Fusion6.00.100
Php FusionPhp Fusion6.00.101
Php FusionPhp Fusion6.00.102
Php FusionPhp Fusion6.00.103
Php FusionPhp Fusion6.00.104
Php FusionPhp Fusion6.0.105
Php FusionPhp Fusion6.00.105
Php FusionPhp Fusion6.00.106
Php FusionPhp Fusion6.0.106
Php FusionPhp Fusion6.00.107
Php FusionPhp Fusion6.0.107
Php FusionPhp Fusion6.00.108
Php FusionPhp Fusion6.00.109
Php FusionPhp Fusion6.00.110
Php FusionPhp Fusion6.00.200
Php FusionPhp Fusion6.00.204
Php FusionPhp Fusion6.00.205
Php FusionPhp Fusion6.00.206
Php FusionPhp Fusion6.00.207
Php FusionPhp Fusion6.00.300
Php FusionPhp Fusion6.00.303
Php FusionPhp Fusion6.00.304
Php FusionPhp Fusion6.00.306
Php FusionPhp Fusion6.00.307
Php FusionPhp Fusion6.01.2

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2006-3555?
Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PHP-Fusion before 6.01.3 allow remote attackers to inject arbitrary web script or HTML by using edit_profile.php to upload a (1) avatar or (2) forum image attachment that has a .gif or .jpg extension, and begins with a GIF header followed by JavaScript code, which is executed by Internet Explorer.
How severe is CVE-2006-3555?
Severity scoring for CVE-2006-3555 is pending analysis. The EPSS model estimates a 1.32% probability of exploitation in the next 30 days.
How do I fix CVE-2006-3555?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-3555?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST