CVE-2020-37152
MEDIUM 6.1
Description
PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via the 'panel_content' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted input to the 'panel_content' field in panels.php, resulting in execution of malicious scripts in the context of the affected site.
CVE Details
CVSS v3.1 score: 6.1
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: REQUIRED
Published: 2/5/2026
Last modified: 2/9/2026
Source: nvd
Honeypot sightings: 0
Affected products
php-fusion:phpfusion
Weaknesses (CWE)
CWE-79
References
https://www.exploit-db.com/exploits/48299 (disclosure@vulncheck.com)
https://www.php-fusion.co.uk/ (disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/php-fusion-panelsphp-cross-site-scripting-xss (disclosure@vulncheck.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.