Description

In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. The protection mechanism can be bypassed by using HTML event handlers such as ontoggle.

Remediation

References

CVE-2020-12718

Related Vulnerabilities

Internet Information Services Other Vulnerability (CVE-2006-0026)

WordPress Plugin Booking Calendar Cross-Site Request Forgery (9.2.1)

Joomla! Core 3.7.x Information Disclosure (3.7.0 - 3.7.5)

WordPress Plugin FunCaptcha-Anti-Spam CAPTCHA Cross-Site Request Forgery (0.3.2)

WordPress Plugin WordPress Email Marketing-WP Email Capture Multiple Vulnerabilities (3.9.3)

Severity

Medium

Classification

CVE-2020-12718 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities