108 matches found
PHPFusion < 8.00.90 / 9.x < 9.10.00 XSS/CSRF Vulnerability
PHPFusion is prone to a cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerability. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
CVE-2021-28280
CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML...
Cross site scripting
CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML...
CVE-2021-28280
PHPFusion 9.03.110 is affected by a CSRF and XSS vulnerability in search.php that allows remote attackers to inject arbitrary web script or HTML. This has been reported across multiple sources (NVD, Red Hat, CNVD, OSV, OpenVAS and others) with a consistent description. The CVE is not accompan...
Phpfusion Cross-Site Scripting Vulnerability
Phpfusion is a lightweight content management system from Phpfusion UK. PHPFusion 9.03.110 suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject arbitrary web script or HTML...
PHPFusion Cross-Site Request Forgery Vulnerability
PHPFusion is a lightweight open source content management system. PHPFusion 9.03.90 suffers from a cross-site request forgery vulnerability. An attacker can exploit this vulnerability to delete all shoutbox messages on behalf of a logged-in victim...
CVE-2020-35687
PHPFusion version 9.03.90 is vulnerable to a CSRF attack that leads to deletion of all shoutbox messages by the attacker on behalf of the logged-in victim...
Cross site request forgery (CSRF)
PHPFusion version 9.03.90 is vulnerable to a CSRF attack that leads to deletion of all shoutbox messages by the attacker on behalf of the logged-in victim...
CVE-2020-35687
CVE-2020-35687 affects PHPFusion CMS 9.03.90. A CSRF vulnerability in the shoutbox management allows an attacker to delete all shoutbox messages on behalf of a logged-in victim. Public PoCs/exploits exist (e.g., PacketStorm, Exploit-DB) showing a GET request triggering deletion via shoutbox_archi...
Phpfusion Cross-Site Request Forgery Vulnerability
PHPFusion is a lightweight open source content management system. PHPFusion 9.03.90 suffers from a cross-site request forgery vulnerability. An attacker can exploit this vulnerability to delete all shoutbox messages on behalf of a logged-in victim...
CVE-2020-35687
PHPFusion version 9.03.90 is vulnerable to a CSRF attack that leads to deletion of all shoutbox messages by the attacker on behalf of the logged-in victim. Recent assessments: oosman-rak at January 20, 2021 4:08am UTC reported: Assessed Attacker Value: 3...
CVE-2020-35952
login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password (i.e., not a single "Incorrect username or password" message in both cases), which might allow enumeration...
Default credentials
login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password (i.e., not a single "Incorrect username or password" message in both cases), which might allow enumeration...
CVE-2020-35952
CVE-2020-35952 affects PHPFusion (PHP-Fusion) Andromeda 9.x before 2020-12-30. The issue is that login.php generates error messages that differentiate between an incorrect username and an incorrect password, rather than a single generic message, which could enable user enumeration. The connected ...
PHPFusion 9.03.50 - Persistent Cross-Site Scripting
Exploit Title: PHPFusion 9.03.50 - Persistent Cross-Site Scripting Date: 2020-05-20 Exploit Author: coiffeur Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://www.php-fusion.co.uk/phpfusion9downloads.php Version: v9.03.50 How? When creating a thread or editing one of h...