CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23658
https://notcve.org/view.php?id=CVE-2020-23658
PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infusions/member_poll_panel/poll_admin.php. PHP-Fusion versión 9.03.60, está afectado por una vulnerabilidad de tipo Cross Site Scripting (XSS) por medio del archivo infusions/member_poll_panel/poll_admin.php • https://github.com/php-fusion/PHP-Fusion/issues/2325 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-17450
https://notcve.org/view.php?id=CVE-2020-17450
PHP-Fusion 9.03 allows XSS on the preview page. PHP-Fusion versión 9.03, permite un ataque de tipo XSS en la página de vista previa • https://sec-consult.com/en/blog/advisories/multiple-cross-site-scripting-xss-vulnerabilities-in-php-fusion-cms • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-17449
https://notcve.org/view.php?id=CVE-2020-17449
PHP-Fusion 9.03 allows XSS via the error_log file. PHP-Fusion versión 9.03, permite un ataque de tipo XSS por medio del archivo error_log • https://sec-consult.com/en/blog/advisories/multiple-cross-site-scripting-xss-vulnerabilities-in-php-fusion-cms • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-15041
https://notcve.org/view.php?id=CVE-2020-15041
PHP-Fusion 9.03.60 allows XSS via the administration/site_links.php Add Site Link field. PHP-Fusion versión 9.03.60, permite un ataque de tipo XSS por medio del campo Link del archivo administration/site_links.php • https://github.com/php-fusion/PHP-Fusion/issues/2330 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 10%CPEs: 1EXPL: 2CVE-2020-14960
https://notcve.org/view.php?id=CVE-2020-14960
A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter, Una vulnerabilidad de inyección SQL en PHP-Fusion versión 9.03.50, afecta el endpoint administration/comments.php por medio del parámetro ctype • https://github.com/php-fusion/PHP-Fusion/commit/b3bde37f60e96f1a8ddd1439658307b28be77db5 https://github.com/php-fusion/PHP-Fusion/issues/2327 https://www.exploit-db.com/exploits/48487 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •