exploitDog

CVE-2020-37152

Опубликовано: 05 фев. 2026

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via the 'panel_content' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted input to the 'panel_content' field in panels.php, resulting in execution of malicious scripts in the context of the affected site.

Ссылки

https://www.exploit-db.com/exploits/48299
Not Applicable
https://www.php-fusion.co.uk/
Product
https://www.vulncheck.com/advisories/php-fusion-panelsphp-cross-site-scripting-xss
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:php-fusion:phpfusion:9.03.50:*:*:*:*:*:*:*

EPSS

Процентиль: 16%

0.00246

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-f282-2298-ffhh

CVSS3: 6.1

github

5 месяцев назад

PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via the 'panel_content' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted input to the 'panel_content' field in panels.php, resulting in execution of malicious scripts in the context of the affected site.

EPSS

Процентиль: 16%

0.00246

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79