Lucene search
K

812 matches found

Prion
Prion
added 2021/11/02 6:15 p.m.14 views

Cross site scripting

Cross Site Scripting XSS vulnerability in infusions/memberpollpanel/polladmin.php in PHP-Fusion 9.03.50, allows attackers to execute arbitrary code, via the polls feature...

6.8CVSS8.3AI score0.0155EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/11/02 5:45 p.m.20 views

CVE-2020-23754

Cross Site Scripting XSS vulnerability in infusions/memberpollpanel/polladmin.php in PHP-Fusion 9.03.50, allows attackers to execute arbitrary code, via the polls feature...

8.6AI score0.0155EPSS
Exploits0References3
CVE
CVE
added 2021/11/02 5:45 p.m.35 views

CVE-2020-23754

PHP-Fusion 9.03.50 contains a Cross-Site Scripting vulnerability in infusions/member_poll_panel/poll_admin.php that allows an attacker to execute arbitrary code via the polls feature. Sources attribute the root cause to insufficient filtering/escaping of user-submitted input. This affects PHP-Fus...

9.6CVSS8.5AI score0.0155EPSS
Exploits0References3Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2021/09/16 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-24949

Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user not admin to send a crafted request to the server and perform remote command execution RCE...

9CVSS7.5AI score0.67289EPSS
Exploits4References1
BDU FSTEC
BDU FSTEC
added 2021/09/10 12:0 a.m.8 views

Vulnerability of the function in /administration/theme.php of the PHP-Fusion CMS system, allowing a hacker to execute arbitrary code

The vulnerability in the /administration/theme.php function of the PHP-Fusion CMS system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through the created malicious load...

5.4CVSS6.4AI score0.00447EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2021/07/07 7:15 p.m.23 views

CVE-2020-23702

Cross Site Scripting XSS vulnerability in PHP-Fusion 9.03.60 via 'New Shout' in /infusions/shoutboxpanel/shoutboxadmin.php...

4.8CVSS0.00602EPSS
Exploits1References2
Prion
Prion
added 2021/07/07 7:15 p.m.15 views

Cross site scripting

Cross Site Scripting XSS vulnerability in PHP-Fusion 9.03.60 via 'New Shout' in /infusions/shoutboxpanel/shoutboxadmin.php...

3.5CVSS4.9AI score0.00602EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/07/07 6:56 p.m.24 views

CVE-2020-23702

Cross Site Scripting XSS vulnerability in PHP-Fusion 9.03.60 via 'New Shout' in /infusions/shoutboxpanel/shoutboxadmin.php...

5AI score0.00602EPSS
Exploits1References2
CVE
CVE
added 2021/07/07 6:56 p.m.51 views

CVE-2020-23702

Summary: CVE-2020-23702 is a cross-site scripting (XSS) vulnerability affecting PHP-Fusion 9.03.60, exploitable via the New Shout feature in /infusions/shoutbox_panel/shoutbox_admin.php. The connected documents confirm the affected product/version and vulnerable component, but do not provide expl...

4.8CVSS5AI score0.00602EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2021/07/07 12:0 a.m.4 views

PHP-Fusion 跨站脚本漏洞

PHPFusion is a lightweight open source content management system. PHPFusion version 9.03.60 is vulnerable to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to conduct cross-site scripting attacks via 'New Shout' in /infusions/shoutboxpanel/shoutboxadmin.php...

4.8CVSS5.3AI score0.00602EPSS
Exploits1References2
CNVD
CNVD
added 2021/07/06 12:0 a.m.6 views

Php-Fusion Injection Vulnerability

Php-fusion PHP-Fusion is an open source lightweight content management system based on MySql and PHP from Malaysia's PHP-Fusion Php-fusion. The system contains modules for news, articles and forums. PHP-Fusion suffers from an injection vulnerability that stems from a flaw in a component in...

5.4CVSS6.9AI score0.00518EPSS
Exploits1References1
CNVD
CNVD
added 2021/07/05 12:0 a.m.5 views

PHP-Fusion cross-site scripting vulnerability (CNVD-2021-48511)

PHP-Fusion is a lightweight open source content management system. A reflective cross-site scripting vulnerability exists in /administration/theme.php in PHP-Fusion version 9.03.60, which can be exploited to execute arbitrary web script or HTML via the "Manage Theme" field...

5.4CVSS6.3AI score0.00447EPSS
Exploits1References1
CNVD
CNVD
added 2021/07/05 12:0 a.m.6 views

Unspecified Vulnerability in PHP-Fusion

PHP-Fusion is a Malaysian company PHP-Fusion open source lightweight content management system based on MySql and PHP . The system contains modules such as news, articles and forums. PHP-Fusion suffers from a security vulnerability that stems from a session cookie not being deleted when a user lo...

5.5CVSS6.8AI score0.00524EPSS
Exploits1References1
CNVD
CNVD
added 2021/07/05 12:0 a.m.5 views

PHP-Fusion cross-site scripting vulnerability (CNVD-2021-48513)

PHP-Fusion is a lightweight open source content management system. A stored cross-site scripting vulnerability exists in /administration/settingsecurity.php in PHP-Fusion version 9.03.60, which can be exploited by an attacker to execute arbitrary Web script or HTML...

5.4CVSS6.3AI score0.00447EPSS
Exploits1References1
CNVD
CNVD
added 2021/07/05 12:0 a.m.7 views

PHP-Fusion cross-site scripting vulnerability (CNVD-2021-48512)

PHP-Fusion is a lightweight open source content management system. A stored cross-site scripting vulnerability exists in /administration/settingsregistration.php in PHP-Fusion version 9.03.60, which can be exploited to execute arbitrary web script or HTML via the "registration" field...

5.4CVSS6AI score0.00447EPSS
Exploits1References1
CNVD
CNVD
added 2021/07/05 12:0 a.m.7 views

PHP-Fusion Cross-Site Scripting Vulnerability (CNVD-2021-48510)

PHP-Fusion is a lightweight open source content management system. A stored cross-site scripting vulnerability exists in administration/settingsmain.php in PHP-Fusion, which can be exploited to execute arbitrary web script or HTML via the "site footer" field...

5.4CVSS6AI score0.00472EPSS
Exploits1References1
OSV
OSV
added 2021/07/02 6:15 p.m.5 views

CVE-2020-23185

A stored cross site scripting XSS vulnerability in /administration/settingsecurity.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.4CVSS5.6AI score
Exploits0References1
OSV
OSV
added 2021/07/02 6:15 p.m.4 views

CVE-2020-23184

A stored cross site scripting XSS vulnerability in /administration/settingsregistration.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Registration" field...

5.4CVSS5.6AI score0.00447EPSS
Exploits1References1
OSV
OSV
added 2021/07/02 6:15 p.m.5 views

CVE-2020-23181

A reflected cross site scripting XSS vulnerability in /administration/theme.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Manage Theme" field...

5.4CVSS5.8AI score0.00447EPSS
Exploits1References1
NVD
NVD
added 2021/07/02 6:15 p.m.19 views

CVE-2020-23185

A stored cross site scripting XSS vulnerability in /administration/settingsecurity.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.4CVSS0.00447EPSS
Exploits1References1
Rows per page
Query Builder