Cross-site scripting (XSS) vulnerability in the anonymous comments feature in lib-comment.php in glFusion 1.1.0, 1.1.1, and previous versions versions allows remote malicious users to inject arbitrary web script or HTML via the username parameter to comment.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
glfusion glfusion 1.1.0 |
||
glfusion glfusion |