CVE-2020-23185: XSS
First published: Fri Jul 02 2021(Updated: )
A stored cross site scripting (XSS) vulnerability in /administration/setting_security.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Php-fusion Php-fusion | =9.03.60 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-23185.
What is the severity rating for CVE-2020-23185?
CVE-2020-23185 has a severity rating of medium, with a CVSS score of 5.4.
What software version is affected by CVE-2020-23185?
CVE-2020-23185 affects PHP-Fusion version 9.03.60 exactly.
How does CVE-2020-23185 impact security?
CVE-2020-23185 is a stored cross-site scripting (XSS) vulnerability that allows authenticated attackers to execute arbitrary web scripts or HTML.
Is there a fix available for CVE-2020-23185?
At the time of writing, there is no official fix available for CVE-2020-23185. It is recommended to follow the vendor's security advisories for any updates or patches.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/php-fusion
- canonical/php-fusion php-fusion
- version/php-fusion php-fusion/9.03.60