CVE-2020-37152

PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting XSS via the 'panelcontent' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted...

CVE-2020-37152

PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via the panel_content POST parameter. The issue arises from insufficient sanitization of user input before rendering in the browser, enabling an attacker to inject arbitrary JavaScript that executes in the context of the af...

EUVD-2020-31043

PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting XSS via the 'panelcontent' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted...

CVE-2020-37137 PHP-Fusion 9.03.50 - 'panels.php' Eval Injection

PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...

PHPFusion 跨站脚本漏洞

PHPFusion is an open-source, lightweight content management system developed by Malaysia-based PHPFusion Company, based on MySQL and PHP technologies. This system includes modules for news, articles, and forums. Version PHPFusion 9.03.50 contains a cross-site scripting vulnerability, which stems...