14 matches found
CVE-2020-37152
PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting XSS via the 'panelcontent' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted...
CVE-2020-37152
PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting XSS via the 'panelcontent' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted...
CVE-2020-37137
PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...
CVE-2020-37152
PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via the panel_content POST parameter. The issue arises from insufficient sanitization of user input before rendering in the browser, enabling an attacker to inject arbitrary JavaScript that executes in the context of the af...
CVE-2020-37152 PHP-Fusion 9.03.50 panels.php - Cross-Site Scripting (XSS)
PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting XSS via the 'panelcontent' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted...
CVE-2020-37152 PHP-Fusion 9.03.50 panels.php - Cross-Site Scripting (XSS)
PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting XSS via the 'panelcontent' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted...
EUVD-2020-31043
PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting XSS via the 'panelcontent' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted...
EUVD-2020-31029
PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...
CVE-2020-37137
PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...
CVE-2020-37137 PHP-Fusion 9.03.50 - 'panels.php' Eval Injection
PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...
PHPFusion 跨站脚本漏洞
PHPFusion is an open-source, lightweight content management system developed by Malaysia-based PHPFusion Company, based on MySQL and PHP technologies. This system includes modules for news, articles, and forums. Version PHPFusion 9.03.50 contains a cross-site scripting vulnerability, which stems...
PT-2026-6591
Name of the Vulnerable Software and Affected Versions PHP-Fusion version 9.03.50 Description The application does not properly sanitize user input before rendering it in a browser, which allows attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted input to the pane...
PT-2026-6580
Name of the Vulnerable Software and Affected Versions PHP-Fusion version 9.03.50 Description The software contains a remote code execution issue in the add panel form function. This allows attackers to execute arbitrary code through the use of an eval function with unsanitized data received via...
Nextcloud安全漏洞
Deck is a Kanban-style organization tool. Designed for individual planning and project organization for teams integrated with Nextcloud, a security vulnerability exists in Deck that stems from the Deck application not properly checking for user membership in a Circle. An attacker could exploit th...