← Zuruck zu CVEs
CVE-2020-37152
MEDIUM6.1
Beschreibung
PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via the 'panel_content' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted input to the 'panel_content' field in panels.php, resulting in execution of malicious scripts in the context of the affected site.
CVE Details
CVSS v3.1 Bewertung6.1
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionREQUIRED
Veroffentlicht2/5/2026
Zuletzt geandert2/9/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
php-fusion:phpfusion
Schwachen (CWE)
CWE-79
Referenzen
https://www.exploit-db.com/exploits/48299(disclosure@vulncheck.com)
https://www.php-fusion.co.uk/(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/php-fusion-panelsphp-cross-site-scripting-xss(disclosure@vulncheck.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.