Stored Cross-Site Scripting Vulnerability in PHP-Fusion by PHP-Fusion Inc.
CVE-2020-23184

5.4MEDIUM

Key Information:

Vendor: PHP-fusion
Status: PHP-fusion
Vendor: CVE Published:; 2 July 2021

What is CVE-2020-23184?

A stored cross-site scripting vulnerability exists in the registration settings of PHP-Fusion version 9.03.60. This issue allows authenticated attackers to inject malicious scripts or HTML through the 'Registration' field, potentially leading to the execution of arbitrary web scripts in the context of affected users. Users relying on PHP-Fusion need to take prompt action to mitigate this risk and secure their applications.

References

https://github.com/phpfusion/PHPFusion/issues/2323

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 2, 2021
Vulnerability Reserved
Aug 13, 2020

PHP-fusion

What is CVE-2020-23184?

References

CVSS V3.1

Timeline