CVE-2023-53928
MEDIUM 5.4
Description
PHPFusion 9.10.30 contains a stored cross-site scripting vulnerability in the file manager that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload SVG files with script tags that execute arbitrary JavaScript when viewed, potentially stealing user session information or performing client-side attacks.
CVE Details
CVSS v3.1 Score: 5.4
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Published: 12/17/2025
Last Modified: 12/31/2025
Source: nvd
Honeypot Sightings: 0
Affected Products
php-fusion:phpfusion
Weaknesses (CWE)
CWE-79
References
https://www.exploit-db.com/exploits/51411 (disclosure@vulncheck.com)
https://www.phpfusion.com/index.php (disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/phpfusion-stored-cross-site-scripting-via-file-manager-upload (disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/51411 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.