Description

Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faq_admin.php or shoutbox_panel/shoutbox_admin.php

Remediation

References

CVE-2020-12706

Related Vulnerabilities

WordPress Plugin Slider by 10Web-Responsive Image Slider Unspecified Vulnerability (1.1.9)

PHP Numeric Errors Vulnerability (CVE-2010-4645)

WordPress Plugin PICA Photo Gallery SQL Injection (1.0)

WordPress Plugin Search Logger-Know What Your Visitors Search SQL Injection (0.9)

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-3065)

Severity

Medium

Classification

CVE-2020-12706 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities