Every CVE whose affected-product data names Php-fusion Phpfusion, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2020-23754 — CVSS 9.6 (critical): Cross Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP-Fusion 9.03.50, allows attackers to execute…
CVE-2023-2453 — CVSS 8.8 (high): There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a…
CVE-2021-40188 — CVSS 7.2 (high): PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP…
CVE-2021-40189 — CVSS 7.2 (high): PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to "webroot/themes/{Theme…
CVE-2014-8597 — CVSS 6.1 (medium): A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.02.07 allows remote attackers to inject arbitrary web script or HTML…
CVE-2020-37137 — CVSS 6.1 (medium): PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'add_panel_form()' function that allows attackers to execute…
CVE-2020-37152 — CVSS 6.1 (medium): PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via the 'panel_content' POST parameter. The application fails to…
CVE-2021-28280 — CVSS 6.1 (medium): CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script…
CVE-2021-40541 — CVSS 6.1 (medium): PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without "//" in descript() function An…
CVE-2023-4480 — CVSS 5.5 (medium): Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a…
CVE-2023-53928 — CVSS 5.4 (medium): PHPFusion 9.10.30 contains a stored cross-site scripting vulnerability in the file manager that allows attackers to upload malicious SVG…
CVE-2020-35687 — CVSS 4.3 (medium): PHPFusion version 9.03.90 is vulnerable to CSRF attack which leads to deletion of all shoutbox messages by the attacker on behalf of the…