PHP-Fusion BBcode color Tag Arbitrary CSS Code Insertion
Remote / Network Access
Loss of Integrity
PHP-Fusion contains a flaw that may allow a malicious user to manipulate the website content. The issue is triggered when a malicious user supplies malformed 'color' BBcode in a post. It is possible that the flaw may allow injecting arbitrary CSS (Cascading Style Sheets) code, resulting in a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.