Vulmon
php fusion vulnerabilities and exploits
3.5
CVSSv2
CVE-2020-12718
In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. The protection mechanism can be bypassed by using HTML event handlers such as ontoggle.
Php-fusion Php-fusion 9.03.50
7.5
CVSSv2
CVE-2014-8596
Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/administration/members.php.
Php-fusion Php-fusion 7.02.07
1 EDB exploit
4.3
CVSSv2
CVE-2012-6043
Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote malicious users to inject arbitrary web script or HTML via the cat_id parameter.
Php-fusion Php-fusion 7.02.04
1 EDB exploit
5.5
CVSSv2
CVE-2020-23178
An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing a malicious user to perform a session replay attack and impersonate the victim user.
Php-fusion Php-fusion 9.03.50
3.5
CVSSv2
CVE-2020-23179
A stored cross site scripting (XSS) vulnerability in administration/settings_main.php of PHP-Fusion 9.03.50 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "Site footer" field.
Php-fusion Php-fusion 9.03.50
3.5
CVSSv2
CVE-2020-23181
A reflected cross site scripting (XSS) vulnerability in /administration/theme.php of PHP-Fusion 9.03.60 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "Manage Theme" field.
Php-fusion Php-fusion 9.03.60
4.9
CVSSv2
CVE-2020-23182
The component /php-fusion/infusions/shoutbox_panel/shoutbox_archive.php in PHP-Fusion 9.03.60 allows malicious users to redirect victim users to malicious websites via a crafted payload entered into the Shoutbox message panel.
Php-fusion Php-fusion 9.03.60
3.5
CVSSv2
CVE-2020-23184
A stored cross site scripting (XSS) vulnerability in /administration/settings_registration.php of PHP-Fusion 9.03.60 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "Registration" field.
Php-fusion Php-fusion 9.03.60
3.5
CVSSv2
CVE-2020-23185
A stored cross site scripting (XSS) vulnerability in /administration/setting_security.php of PHP-Fusion 9.03.60 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload.
Php-fusion Php-fusion 9.03.60
4.3
CVSSv2
CVE-2005-0692
Cross-site scripting (XSS) vulnerability in fusion_core.php for PHP-Fusion 5.x allows remote malicious users to inject arbitrary web script or HTML via a message with IMG bbcode containing character-encoded JavaScript.
Php Fusion Php Fusion 5.0