CSRF and XSS Vulnerability in PHPFusion 9.03.110
CVE-2021-28280

6.1MEDIUM

Key Information:

Vendor

PHP-fusion

Status
PHPfusion
Vendor
CVE Published:
29 April 2021

What is CVE-2021-28280?

A CSRF and Cross-site scripting (XSS) vulnerability exists in search.php of PHPFusion version 9.03.110. This flaw allows remote attackers to exploit the application by injecting arbitrary web scripts or HTML, thereby compromising the integrity and security of affected systems. By leveraging this vulnerability, attackers can execute unauthorized actions on behalf of authenticated users without their consent, leading to potential data breaches and security incidents.

References

https://anotepad.com/notes/2skndayt
x_refsource_MISC
https://github.com/PHPFusion/PHPFusion/commit/08d6c2ea49b...
x_refsource_MISC
https://github.com/PHPFusion/PHPFusion/commit/fda266c3bb3...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.