Public CVE-2006-0241 disclosure

Cross-site scripting vulnerability in index.php in PHP Fusebox 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter.