Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php-fusion vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2020-23702
Cross Site Scripting (XSS) vulnerability in PHP-Fusion 9.03.60 via 'New Shout' in /infusions/shoutbox_panel/shoutbox_admin.php.
Php-fusion Php-fusion 9.03.60
5.4
CVSSv3
CVE-2020-23658
PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infusions/member_poll_panel/poll_admin.php.
Php-fusion Php-fusion 9.03.60
5.4
CVSSv3
CVE-2015-8375
Cross-site scripting (XSS) vulnerability in PHP-Fusion 9.
Php-fusion Php-fusion 9.00
NA
CVE-2005-4655
Cross-site scripting (XSS) vulnerability in submit.php in PHP-Fusion 6.0.204 allows remote malicious users to inject arbitrary web script or HTML via nested tags in the news_body parameter, as demonstrated by elements such as "<me<meta>ta" and "<sc<s...
Php Fusion Php Fusion 6.00.204
5.4
CVSSv3
CVE-2020-12706
Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote malicious users to inject arbitrary web script or HTML via the go parameter to faq/faq_admin.php or shoutbox_panel/shoutbox_admin.php
Php-fusion Php-fusion 9.03.50
5.4
CVSSv3
CVE-2020-12718
In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. The protection mechanism can be bypassed by using HTML event handlers such as ontoggle.
Php-fusion Php-fusion 9.03.50
5.4
CVSSv3
CVE-2020-12438
An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT tags.
Php-fusion Php-fusion 9.03.50
6.1
CVSSv3
CVE-2020-12708
Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote malicious users to inject arbitrary web script or HTML via the cat_id parameter to downloads/downloads.php or article.php. NOTE: this might overlap CVE-2012-6043.
Php-fusion Php-fusion 9.03.50
5.4
CVSSv3
CVE-2020-23178
An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an malicious user to perform a session replay attack and impersonate the victim user.
Php-fusion Php-fusion 9.03.50
5.4
CVSSv3
CVE-2020-23181
A reflected cross site scripting (XSS) vulnerability in /administration/theme.php of PHP-Fusion 9.03.60 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "Manage Theme" field.
Php-fusion Php-fusion 9.03.60
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »