Cross Site Scripting Vulnerability in PHP-Fusion by PHP-Fusion
CVE-2020-23658

5.4MEDIUM

Key Information:

Vendor: PHP-fusion
Status: PHP-fusion
Vendor: CVE Published:; 26 August 2020

What is CVE-2020-23658?

A Cross Site Scripting (XSS) vulnerability has been identified in PHP-Fusion version 9.03.60. The flaw exists in the handling of user input in the poll administration section, specifically in the file located at infusions/member_poll_panel/poll_admin.php. This vulnerability could allow an attacker to inject malicious scripts that are executed in the context of the user’s session, leading to unauthorized actions or data theft. Website administrators are advised to apply recommended security patches and enhance input validation to mitigate the risks associated with this vulnerability.

References

https://github.com/php-fusion/PHP-Fusion/issues/2325

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 26, 2020
Vulnerability Reserved
Aug 13, 2020

PHP-fusion

What is CVE-2020-23658?

References

CVSS V3.1

Timeline