exploitDog

CVE-2023-53928

Опубликовано: 17 дек. 2025

Источник: nvd

CVSS3: 5.4

CVSS3: 6.1

EPSS Низкий

Описание

PHPFusion 9.10.30 contains a stored cross-site scripting vulnerability in the file manager that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload SVG files with script tags that execute arbitrary JavaScript when viewed, potentially stealing user session information or performing client-side attacks.

Ссылки

https://www.exploit-db.com/exploits/51411
Exploit
Third Party Advisory
https://www.phpfusion.com/index.php
Product
https://www.vulncheck.com/advisories/phpfusion-stored-cross-site-scripting-via-file-manager-upload
Third Party Advisory
https://www.exploit-db.com/exploits/51411
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:php-fusion:phpfusion:9.10.30:*:*:*:*:*:*:*

EPSS

Процентиль: 9%

0.00033

Низкий

5.4 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-48f6-vw4q-5vcq

CVSS3: 5.4

github

около 2 месяцев назад

PHPFusion 9.10.30 contains a stored cross-site scripting vulnerability in the file manager that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload SVG files with script tags that execute arbitrary JavaScript when viewed, potentially stealing user session information or performing client-side attacks.

EPSS

Процентиль: 9%

0.00033

Низкий

5.4 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79