exploitDog

CVE-2020-12438

Опубликовано: 28 апр. 2020

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT tags.

Ссылки

https://github.com/php-fusion/PHP-Fusion/commit/c36006f900d855f1173f81cea1a774295049f4d8
Patch
Third Party Advisory
https://github.com/php-fusion/PHP-Fusion/issues/2307
Exploit
Third Party Advisory
https://github.com/php-fusion/PHP-Fusion/commit/c36006f900d855f1173f81cea1a774295049f4d8
Patch
Third Party Advisory
https://github.com/php-fusion/PHP-Fusion/issues/2307
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:php-fusion:php-fusion:9.03.50:*:*:*:*:*:*:*

EPSS

Процентиль: 51%

0.00281

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-mm2g-3w9w-jr6p

github

больше 3 лет назад

An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT tags.

EPSS

Процентиль: 51%

0.00281

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79