Vulnerability Details CVE-2020-23702
Cross Site Scripting (XSS) vulnerability in PHP-Fusion 9.03.60 via 'New Shout' in /infusions/shoutbox_panel/shoutbox_admin.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.5%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
References
- https://github.com/phpfusion/PHPFusion/issues/2328
- https://user-images.githubusercontent.com/62001260/82175522-47169980-98fe-11ea-9a8e-93622aab7cf4.PNG
- https://github.com/phpfusion/PHPFusion/issues/2328
- https://user-images.githubusercontent.com/62001260/82175522-47169980-98fe-11ea-9a8e-93622aab7cf4.PNG
Products affected by CVE-2020-23702
-
cpe:2.3:a:php-fusion:php-fusion:9.03.60