CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-40541

PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without "//" in descript() function An authenticated user can trigger XSS by appending "//" in the end of text.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.5%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://github.com/PHPFusion/PHPFusion/issues/2373
https://github.com/PHPFusion/PHPFusion/issues/2373

Products affected by CVE-2021-40541

Php-Fusion » Phpfusion » Version: 9.03.110

cpe:2.3:a:php-fusion:phpfusion:9.03.110

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-40541

Products

Pricing

Contact Us