Unrated severity · NVD Advisory · Published Apr 28, 2020 · Updated Aug 4, 2024
CVE-2020-12438
Description
An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT tags.
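The gap described above, shown as an added example that is not PHP-Fusion's code: a filter that only strips SCRIPT tags, next to output encoding. The function names are hypothetical and the sample inputs are constructed.

```php
<?php
// Added illustration: not PHP-Fusion code. All function names are hypothetical.

// Weak filter: removes only <script> tags, the single measure the advisory describes.
function strip_script_tags(string $input): string
{
    return preg_replace('#<\s*/?\s*script\b[^>]*>#i', '', $input) ?? '';
}

// Hardened output: encode markup characters so the value renders as text.
function encode_for_html(string $input): string
{
    return htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Check: does the string still contain a tag with an inline on* handler attribute?
function has_event_handler(string $html): bool
{
    return preg_match('#<[a-z][^>]*\son[a-z]+\s*=#i', $html) === 1;
}

// Constructed sample inputs.
$samples = [
    'script tag'    => '<script>alert(1)</script>',
    'event handler' => '<img src="x" onerror="alert(1)">',
    'plain text'    => 'Spring sale banner',
];

foreach ($samples as $label => $value) {
    $weak = strip_script_tags($value);
    $safe = encode_for_html($value);
    printf(
        "%-14s handler after strip: %-3s handler after encode: %s\n",
        $label,
        has_event_handler($weak) ? 'yes' : 'no',
        has_event_handler($safe) ? 'yes' : 'no'
    );
}
```

Encoding with `htmlspecialchars` fits values rendered as text or inside quoted attributes. A field that must accept markup needs an allow-list HTML sanitizer instead of a tag blocklist.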
Affected products
- PHP-Fusion/PHP-Fusion
- Range: =9.03.50
References
- github.com/php-fusion/PHP-Fusion/commit/c36006f900d855f1173f81cea1a774295049f4d8 (MITRE, x_refsource_MISC)
- github.com/php-fusion/PHP-Fusion/issues/2307 (MITRE, x_refsource_MISC)