← Volver a CVEs
CVE-2020-36996
MEDIUM6.4
Descripcion
PHPFusion 9.03.50 contains a persistent cross-site scripting vulnerability in the print.php page that fails to properly sanitize user-submitted message content. Attackers can inject malicious JavaScript through forum messages that will execute when the print page is generated, allowing script execution in victim browsers.
Detalles CVE
Puntuacion CVSS v3.16.4
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado1/30/2026
Ultima modificacion2/4/2026
Fuentenvd
Avistamientos honeypot0
Debilidades (CWE)
CWE-79
Referencias
https://www.exploit-db.com/exploits/48497(disclosure@vulncheck.com)
https://www.php-fusion.co.uk/home.php(disclosure@vulncheck.com)
https://www.php-fusion.co.uk/php_fusion_9_downloads.php(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/phpfusion-persistent-cross-site-scripting(disclosure@vulncheck.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.