PHPFusion Cross-Site Scripting Vulnerability (CNVD-2021-101537)

PHPFusion is a lightweight open source content management system. A cross-site scripting vulnerability exists in the descript function in PHPFusion version 9.03.110. An attacker could exploit this vulnerability by appending "//" to the end of the text to conduct a cross-site scripting attack...

CVE-2021-40189

PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to "webroot/themes/Theme Folder, where an attacker can access and execute arbitrary code...

CVE-2021-40541

PHPFusion 9.03.110 is affected by cross-site scripting XSS in the preg patterns filter html tag without "//" in descript function An authenticated user can trigger XSS by appending "//" in the end of text...

CVE-2021-40541

PHPFusion 9.03.110 is affected by cross-site scripting XSS in the preg patterns filter html tag without "//" in descript function An authenticated user can trigger XSS by appending "//" in the end of text...

CVE-2021-40541

CVE-2021-40541 affects PHPFusion 9.03.110. The vulnerability is an XSS in the descript() function, triggered when an authenticated user appends "//" at the end of text, due to how the preg filter handles HTML tags. The available sources (NVD, CNVD, CVE List) describe the issue; no exploitation de...

Phpfusion 代码问题漏洞

PHPFusion is a lightweight open source content management system. An arbitrary file upload vulnerability exists in PHPFusion version 9.03.110. The vulnerability stems from the File Manager feature in the admin panel not filtering PHP extensions. An attacker can exploit this vulnerability to uploa...

Phpfusion 跨站脚本漏洞

PHPFusion is a lightweight open source content management system. A cross-site scripting vulnerability exists in the descript function in PHPFusion version 9.03.110. An attacker could exploit this vulnerability by appending "//" to the end of the text to conduct a cross-site scripting attack...

PHPFusion 代码问题漏洞

PHPFusion is a lightweight open source content management system. A remote code execution vulnerability exists in PHPFusion version 9.03.110. The vulnerability can be exploited to achieve remote code execution by inserting malicious php code or php files into a zip file and uploading it to the...

CVE-2021-28280

CSRF + Cross-site scripting XSS vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML...

CVE-2021-28280

CSRF + Cross-site scripting XSS vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML...

Cross site scripting

CSRF + Cross-site scripting XSS vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML...

Phpfusion 跨站脚本漏洞

Phpfusion is a lightweight content management system from Phpfusion UK. PHPFusion 9.03.110 suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject arbitrary web script or HTML...