VYPR
Unrated severityNVD Advisory· Published Apr 28, 2020· Updated Aug 4, 2024

CVE-2020-12438

CVE-2020-12438

Description

An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT tags.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.