VYPR
Unrated severityOSV Advisory· Published Dec 17, 2025· Updated Apr 7, 2026

PHPFusion 9.10.30 Stored Cross-Site Scripting via File Manager Upload

CVE-2023-53928

Description

PHPFusion 9.10.30 contains a stored cross-site scripting vulnerability in the file manager that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload SVG files with script tags that execute arbitrary JavaScript when viewed, potentially stealing user session information or performing client-side attacks.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • PHP-Fusion/PhpfusionOSV2 versions
    v9.10.03, v9.10.30+ 1 more
    • (no CPE)range: v9.10.03, v9.10.30
    • (no CPE)range: = 9.10.30

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.