CVE-2020-37152 PHP-Fusion 9.03.50 panels.php - Cross-Site Scripting (XSS)

PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting XSS via the 'panelcontent' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted...

PT-2026-6591

Name of the Vulnerable Software and Affected Versions PHP-Fusion version 9.03.50 Description The application does not properly sanitize user input before rendering it in a browser, which allows attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted input to the pane...

PT-2026-6580

Name of the Vulnerable Software and Affected Versions PHP-Fusion version 9.03.50 Description The software contains a remote code execution issue in the add panel form function. This allows attackers to execute arbitrary code through the use of an eval function with unsanitized data received via...

PHP-Fusion 9.03.50 - 'panels.php' Remote Code Execution

Exploit Title: PHP-Fusion 9.03.50 - 'panels.php' Multiple vulnerability Google Dork: N/A=20 Date: 2020-04-01 Exploit Author: Unkn0wn Vendor Homepage: https://www.php-fusion.co.uk Software Link: https://www.php-fusion.co.uk/phpfusion9downloads.php Version: 9.03.50 Tested on: Ubuntu CVE : N/A...

CVE-2015-5481

The CVE-2015-5481 entry documents a Cross-site scripting (XSS) vulnerability in the GD bbPress Attachments WordPress plugin. Affects versions prior to 2.3, vulnerable code resides in forms/panels.php where the tab parameter of gdbbpress_attachments (on wp-admin/edit.php) is not properly filtered,...