CVE-2020-23184: XSS
First published: Fri Jul 02 2021(Updated: )
A stored cross site scripting (XSS) vulnerability in /administration/settings_registration.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Registration" field.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Php-fusion Php-fusion | =9.03.60 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-23184?
CVE-2020-23184 is a stored cross site scripting (XSS) vulnerability in PHP-Fusion 9.03.60.
How does the vulnerability in /administration/settings_registration.php of PHP-Fusion 9.03.60 occur?
The vulnerability occurs when authenticated attackers enter a crafted payload into the "Registration" field, allowing them to execute arbitrary web scripts or HTML.
What is the severity of CVE-2020-23184?
CVE-2020-23184 has a severity rating of medium (5.4).
How can I fix the stored cross site scripting (XSS) vulnerability in PHP-Fusion 9.03.60?
To fix the vulnerability, update PHP-Fusion to a version that is not affected by the XSS vulnerability.
Where can I find more information about CVE-2020-23184?
More information about CVE-2020-23184 can be found at the following reference: https://github.com/phpfusion/PHPFusion/issues/2323
- collector/nvd-index
- vendor/php-fusion
- canonical/php-fusion php-fusion
- version/php-fusion php-fusion/9.03.60