Vulnerabilities > PHP Fusion

DATE	CVE	VULNERABILITY TITLE	RISK
2020-08-26	CVE-2020-23658	Cross-site Scripting vulnerability in PHP-Fusion 9.03.60 PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infusions/member_poll_panel/poll_admin.php. network low complexity php-fusion CWE-79	5.4
2020-08-12	CVE-2020-17450	Cross-site Scripting vulnerability in PHP-Fusion 9.0/9.00/9.03 PHP-Fusion 9.03 allows XSS on the preview page. network low complexity php-fusion CWE-79	6.1
2020-08-12	CVE-2020-17449	Cross-site Scripting vulnerability in PHP-Fusion 9.0/9.00/9.03 PHP-Fusion 9.03 allows XSS via the error_log file. network low complexity php-fusion CWE-79	5.4
2020-06-24	CVE-2020-15041	Cross-site Scripting vulnerability in PHP-Fusion 9.03.60 PHP-Fusion 9.03.60 allows XSS via the administration/site_links.php Add Site Link field. network low complexity php-fusion CWE-79	4.8
2020-06-22	CVE-2020-14960	SQL Injection vulnerability in PHP-Fusion 9.03.50 A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter, network low complexity php-fusion CWE-89	7.2
2020-05-08	CVE-2020-12718	Cross-site Scripting vulnerability in PHP-Fusion 9.03.50 In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. network low complexity php-fusion CWE-79	5.4
2020-05-07	CVE-2020-12708	Cross-site Scripting vulnerability in PHP-Fusion 9.03.50 Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the cat_id parameter to downloads/downloads.php or article.php. network low complexity php-fusion CWE-79	6.1
2020-05-07	CVE-2020-12706	Cross-site Scripting vulnerability in PHP-Fusion 9.03.50 Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faq_admin.php or shoutbox_panel/shoutbox_admin.php network low complexity php-fusion CWE-79	5.4
2020-04-29	CVE-2020-12461	SQL Injection vulnerability in PHP-Fusion 9.03.50 PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. network low complexity php-fusion CWE-89	8.8
2020-04-28	CVE-2020-12438	Cross-site Scripting vulnerability in PHP-Fusion 9.03.50 An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. network low complexity php-fusion CWE-79	5.4

Vulnerabilities > PHP Fusion {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"PHP Fusion"}]}

Vulnerabilities > PHP Fusion