Vulnerabilities > PHP Fusion > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-28 | CVE-2020-12438 | Cross-site Scripting vulnerability in PHP-Fusion 9.03.50 An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. | 3.5 |
| 2017-09-25 | CVE-2015-8375 | Cross-site Scripting vulnerability in PHP-Fusion 9.00 Cross-site scripting (XSS) vulnerability in PHP-Fusion 9. | 3.5 |
| 2007-07-04 | CVE-2007-3559 | Cross-Site Scripting vulnerability in PHP-Fusion 6.01.10/6.01.9 Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FUSION_QUERY constant. network php-fusion | 3.5 |
| 2006-09-11 | CVE-2006-4673 | SQL Injection vulnerability in PHP-Fusion News.PHP Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php. | 2.6 |