Phpfusion Security Vulnerabilities and Issues — Phpfusion CVE List

Lucene search

Php-fusionPhpfusion

3 matches found

CVE•added 2021/04/29 3:15 p.m.•54 views

CVE-2021-28280

CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML

6.1CVSS6AI score0.00304EPSS

CVE•added 2022/02/17 8:15 p.m.•52 views

CVE-2014-8597

A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.02.07 allows remote attackers to inject arbitrary web script or HTML via the status parameter in the CMS admin panel.

6.1CVSS5.9AI score0.00222EPSS

CVE•added 2021/10/11 2:15 p.m.•33 views

CVE-2021-40541

PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without "//" in descript() function An authenticated user can trigger XSS by appending "//" in the end of text.

6.1CVSS5.7AI score0.00425EPSS