812 matches found
Cross site scripting
Cross Site Scripting XSS vulnerability in infusions/memberpollpanel/polladmin.php in PHP-Fusion 9.03.50, allows attackers to execute arbitrary code, via the polls feature...
CVE-2020-23754
Cross Site Scripting XSS vulnerability in infusions/memberpollpanel/polladmin.php in PHP-Fusion 9.03.50, allows attackers to execute arbitrary code, via the polls feature...
CVE-2020-23754
PHP-Fusion 9.03.50 contains a Cross-Site Scripting vulnerability in infusions/member_poll_panel/poll_admin.php that allows an attacker to execute arbitrary code via the polls feature. Sources attribute the root cause to insufficient filtering/escaping of user-submitted input. This affects PHP-Fus...
VulnCheck KEV: CVE-2020-24949
Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user not admin to send a crafted request to the server and perform remote command execution RCE...
Vulnerability of the function in /administration/theme.php of the PHP-Fusion CMS system, allowing a hacker to execute arbitrary code
The vulnerability in the /administration/theme.php function of the PHP-Fusion CMS system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through the created malicious load...
CVE-2020-23702
Cross Site Scripting XSS vulnerability in PHP-Fusion 9.03.60 via 'New Shout' in /infusions/shoutboxpanel/shoutboxadmin.php...
Cross site scripting
Cross Site Scripting XSS vulnerability in PHP-Fusion 9.03.60 via 'New Shout' in /infusions/shoutboxpanel/shoutboxadmin.php...
CVE-2020-23702
Cross Site Scripting XSS vulnerability in PHP-Fusion 9.03.60 via 'New Shout' in /infusions/shoutboxpanel/shoutboxadmin.php...
CVE-2020-23702
Summary: CVE-2020-23702 is a cross-site scripting (XSS) vulnerability affecting PHP-Fusion 9.03.60, exploitable via the New Shout feature in /infusions/shoutbox_panel/shoutbox_admin.php. The connected documents confirm the affected product/version and vulnerable component, but do not provide expl...
PHP-Fusion 跨站脚本漏洞
PHPFusion is a lightweight open source content management system. PHPFusion version 9.03.60 is vulnerable to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to conduct cross-site scripting attacks via 'New Shout' in /infusions/shoutboxpanel/shoutboxadmin.php...
Php-Fusion Injection Vulnerability
Php-fusion PHP-Fusion is an open source lightweight content management system based on MySql and PHP from Malaysia's PHP-Fusion Php-fusion. The system contains modules for news, articles and forums. PHP-Fusion suffers from an injection vulnerability that stems from a flaw in a component in...
PHP-Fusion cross-site scripting vulnerability (CNVD-2021-48511)
PHP-Fusion is a lightweight open source content management system. A reflective cross-site scripting vulnerability exists in /administration/theme.php in PHP-Fusion version 9.03.60, which can be exploited to execute arbitrary web script or HTML via the "Manage Theme" field...
Unspecified Vulnerability in PHP-Fusion
PHP-Fusion is a Malaysian company PHP-Fusion open source lightweight content management system based on MySql and PHP . The system contains modules such as news, articles and forums. PHP-Fusion suffers from a security vulnerability that stems from a session cookie not being deleted when a user lo...
PHP-Fusion cross-site scripting vulnerability (CNVD-2021-48513)
PHP-Fusion is a lightweight open source content management system. A stored cross-site scripting vulnerability exists in /administration/settingsecurity.php in PHP-Fusion version 9.03.60, which can be exploited by an attacker to execute arbitrary Web script or HTML...
PHP-Fusion cross-site scripting vulnerability (CNVD-2021-48512)
PHP-Fusion is a lightweight open source content management system. A stored cross-site scripting vulnerability exists in /administration/settingsregistration.php in PHP-Fusion version 9.03.60, which can be exploited to execute arbitrary web script or HTML via the "registration" field...
PHP-Fusion Cross-Site Scripting Vulnerability (CNVD-2021-48510)
PHP-Fusion is a lightweight open source content management system. A stored cross-site scripting vulnerability exists in administration/settingsmain.php in PHP-Fusion, which can be exploited to execute arbitrary web script or HTML via the "site footer" field...
CVE-2020-23185
A stored cross site scripting XSS vulnerability in /administration/settingsecurity.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2020-23184
A stored cross site scripting XSS vulnerability in /administration/settingsregistration.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Registration" field...
CVE-2020-23181
A reflected cross site scripting XSS vulnerability in /administration/theme.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Manage Theme" field...
CVE-2020-23185
A stored cross site scripting XSS vulnerability in /administration/settingsecurity.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...