CVE-2020-37152 — MEDIUM (6.1)

Vulnerability Description

PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via the 'panel_content' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted input to the 'panel_content' field in panels.php, resulting in execution of malicious scripts in the context of the affected site.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Php-Fusion	Phpfusion	9.03.50

Related Weaknesses (CWE)

CWE-79

References

https://www.exploit-db.com/exploits/48299Not Applicable
https://www.php-fusion.co.uk/Product
https://www.vulncheck.com/advisories/php-fusion-panelsphp-cross-site-scripting-xBroken Link

FAQ

What is CVE-2020-37152?

CVE-2020-37152 is a vulnerability with a CVSS score of 6.1 (MEDIUM). PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via the 'panel_content' POST parameter. The application fails to properly sanitize user input before rendering it in the brows...

How severe is CVE-2020-37152?

CVE-2020-37152 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-37152?

Check the references section above for vendor advisories and patch information. Affected products include: Php-Fusion Phpfusion.