CVE-2021-28280: CSRF
First published: Thu Apr 29 2021(Updated: )
CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Php-fusion Phpfusion | =9.03.110 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://anotepad.com/notes/2skndayt
- https://github.com/PHPFusion/PHPFusion/commit/08d6c2ea49bd06fcce32275252f5f25abe61965c
- https://github.com/PHPFusion/PHPFusion/commit/1c2b32321cf11ed1cd3ff835f8da0d172c849ce6
- https://github.com/PHPFusion/PHPFusion/commit/da9f89ae70219f357fba6fffd2dae1ec886d8a3b
- https://github.com/PHPFusion/PHPFusion/commit/fda266c3bb35c650a8c4c51b6923abdfb66ef5cd
Frequently Asked Questions
What is the vulnerability ID for this CSRF and Cross-site scripting (XSS) vulnerability in PHPFusion?
The vulnerability ID is CVE-2021-28280.
What is the affected version of PHPFusion?
The affected version of PHPFusion is 9.03.110.
What is the severity rating of CVE-2021-28280?
The severity rating of CVE-2021-28280 is medium (6.1).
How can remote attackers exploit this vulnerability?
Remote attackers can exploit this vulnerability by injecting arbitrary web script or HTML.
How can I fix this CSRF and Cross-site scripting (XSS) vulnerability in PHPFusion?
To fix this vulnerability, update PHPFusion to a version that includes the necessary fixes or patches provided by the PHPFusion developers.
- collector/nvd-index
- vendor/php-fusion
- canonical/php-fusion phpfusion
- version/php-fusion phpfusion/9.03.110