Vulnerabilities > PHP Fusion

DATE	CVE	VULNERABILITY TITLE	RISK
2020-08-12	CVE-2020-17450	Cross-site Scripting vulnerability in PHP-Fusion 9.0/9.00/9.03 PHP-Fusion 9.03 allows XSS on the preview page. network php-fusion CWE-79	4.3
2020-08-12	CVE-2020-17449	Cross-site Scripting vulnerability in PHP-Fusion 9.0/9.00/9.03 PHP-Fusion 9.03 allows XSS via the error_log file. network php-fusion CWE-79	3.5
2020-06-24	CVE-2020-15041	Cross-site Scripting vulnerability in PHP-Fusion 9.03.60 PHP-Fusion 9.03.60 allows XSS via the administration/site_links.php Add Site Link field. network php-fusion CWE-79	3.5
2020-06-22	CVE-2020-14960	SQL Injection vulnerability in PHP-Fusion 9.03.50 A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter, network low complexity php-fusion CWE-89	6.5
2020-05-08	CVE-2020-12718	Cross-site Scripting vulnerability in PHP-Fusion 9.03.50 In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. network php-fusion CWE-79	3.5
2020-05-07	CVE-2020-12708	Cross-site Scripting vulnerability in PHP-Fusion 9.03.50 Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the cat_id parameter to downloads/downloads.php or article.php. network php-fusion CWE-79	4.3
2020-05-07	CVE-2020-12706	Cross-site Scripting vulnerability in PHP-Fusion 9.03.50 Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faq_admin.php or shoutbox_panel/shoutbox_admin.php network php-fusion CWE-79	3.5
2020-04-29	CVE-2020-12461	SQL Injection vulnerability in PHP-Fusion 9.03.50 PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. network low complexity php-fusion CWE-89	6.5
2020-04-28	CVE-2020-12438	Cross-site Scripting vulnerability in PHP-Fusion 9.03.50 An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. network php-fusion CWE-79	3.5
2019-05-14	CVE-2019-12099	Unrestricted Upload of File with Dangerous Type vulnerability in PHP-Fusion In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/form_fileinput.php and includes/classes/PHPFusion/Installer/Lib/Core.settings.inc mishandle executable files during avatar upload. network low complexity php-fusion CWE-434 critical	9.0

Vulnerabilities > PHP Fusion {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"PHP Fusion"}]}

Vulnerabilities > PHP Fusion