Multiple cross-site scripting (XSS) vulnerabilities in glFusion prior to 1.2.2.pl4 allow remote malicious users to inject arbitrary web script or HTML via the (1) subject parameter to profiles.php; (2) address1, (3) address2, (4) calendar_type, (5) city, (6) state, (7) title, (8) url, or (9) zipcode parameter to calendar/index.php; (10) title or (11) url parameter to links/index.php; or (12) PATH_INFO to admin/plugins/mediagallery/xppubwiz.php/.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
glfusion glfusion 1.2.0.pl4 |
||
glfusion glfusion 1.2.0.pl5 |
||
glfusion glfusion 1.1.8.pl4 |
||
glfusion glfusion 1.1.8.pl3 |
||
glfusion glfusion 1.1.6.pl2 |
||
glfusion glfusion 1.1.6.pl1 |
||
glfusion glfusion 1.1.4.pl3 |
||
glfusion glfusion 1.1.4.pl2 |
||
glfusion glfusion 1.0.2 |
||
glfusion glfusion 1.0.1 |
||
glfusion glfusion 1.2.0 |
||
glfusion glfusion 1.2.0.pl1 |
||
glfusion glfusion 1.2.2 |
||
glfusion glfusion 1.2.2.pl1 |
||
glfusion glfusion 1.2.2.pl2 |
||
glfusion glfusion 1.1.8 |
||
glfusion glfusion 1.1.7 |
||
glfusion glfusion 1.1.5.pl2 |
||
glfusion glfusion 1.1.5.pl1 |
||
glfusion glfusion 1.1.2 |
||
glfusion glfusion 1.1.1 |
||
glfusion glfusion 1.0.0 |
||
glfusion glfusion 1.2.0.pl2 |
||
glfusion glfusion 1.2.0.pl3 |
||
glfusion glfusion |
||
glfusion glfusion 1.1.8.pl5 |
||
glfusion glfusion 1.1.6.pl4 |
||
glfusion glfusion 1.1.6.pl3 |
||
glfusion glfusion 1.1.5 |
||
glfusion glfusion 1.1.4.pl4 |
||
glfusion glfusion 1.1.0 |
||
glfusion glfusion 1.1.8.pl6 |
||
glfusion glfusion 1.2.0.pl6 |
||
glfusion glfusion 1.2.0.pl7 |
||
glfusion glfusion 1.1.8.pl2 |
||
glfusion glfusion 1.1.8.pl1 |
||
glfusion glfusion 1.1.6 |
||
glfusion glfusion 1.1.5.pl3 |
||
glfusion glfusion 1.1.4.pl1 |
||
glfusion glfusion 1.1.4 |
||
glfusion glfusion 1.1.3 |
Vulmon