Php-Fusion: >> Phpfusion Security Vulnerabilities
PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without "//" in descript() function An authenticated user can trigger XSS by appending "//" in the end of text.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-10-11
CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML
CVSS Score
6.1
EPSS Score
0.004
Published
2021-04-29
PHPFusion version 9.03.90 is vulnerable to CSRF attack which leads to deletion of all shoutbox messages by the attacker on behalf of the logged in victim.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-01-13
Page 2