CVE-2020-37152
MEDIUM 6.1
Description
PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via the 'panel_content' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted input to the 'panel_content' field in panels.php, resulting in execution of malicious scripts in the context of the affected site.
CVE details
CVSS v3.1 score: 6.1
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: REQUIRED
Published: 2/5/2026
Last modified: 2/9/2026
Source: nvd
Honeypot sightings: 0
Affected products
php-fusion:phpfusion
Weaknesses (CWE)
CWE-79
References
https://www.exploit-db.com/exploits/48299 (disclosure@vulncheck.com)
https://www.php-fusion.co.uk/ (disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/php-fusion-panelsphp-cross-site-scripting-xss (disclosure@vulncheck.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.