Cross-Site Scripting Vulnerability in PHP-Fusion by PHP-Fusion
CVE-2015-8375

5.4MEDIUM

Key Information:

Vendor: PHP-fusion
Status: PHP-fusion
Vendor: CVE Published:; 25 September 2017

🔔 Create PHP-fusion Vulnerability Alert

What is CVE-2015-8375?

A Cross-Site Scripting (XSS) vulnerability exists in PHP-Fusion 9, allowing attackers to inject malicious scripts into web pages viewed by users. This can lead to unauthorized actions on behalf of users, session hijacking, or the disclosure of sensitive information.

References

https://gist.github.com/bscarvell/57f82000bf823071404e

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2015/11/29/4

mailing-listx_refsource_MLIST

https://github.com/php-fusion/PHP-Fusion/commit/f1a5fce79...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 25, 2017
Vulnerability Reserved
Nov 29, 2015

.