CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-12708

Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the cat_id parameter to downloads/downloads.php or article.php. NOTE: this might overlap CVE-2012-6043.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 42.0%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://github.com/php-fusion/PHP-Fusion/issues/2310
https://github.com/php-fusion/PHP-Fusion/issues/2310

Products affected by CVE-2020-12708

Php-Fusion » Php-Fusion » Version: 9.03.50

cpe:2.3:a:php-fusion:php-fusion:9.03.50

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-12708

Products

Pricing

Contact Us