CVE-2020-23185
A stored cross site scripting (XSS) vulnerability in /administration/setting_security.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted…
Devamını oku
Day: Temmuz 2, 2021
CVE-2020-23184
A stored cross site scripting (XSS) vulnerability in /administration/settings_registration.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted…
CVE-2020-23182
The component /php-fusion/infusions/shoutbox_panel/shoutbox_archive.php in PHP-Fusion 9.03.60 allows attackers to redirect victim users to malicious websites via a crafted payload entered into the Shoutbox message panel.…
CVE-2020-23181
A reflected cross site scripting (XSS) vulnerability in /administration/theme.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted…
CVE-2020-23179
A stored cross site scripting (XSS) vulnerability in administration/settings_main.php of PHP-Fusion 9.03.50 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted…
CVE-2020-23178
An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session…
CVE-2021-23403 (ts-nodash)
All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge() function due to lack of validation input. Devamını Oku
CVE-2021-23403
All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge() function due to lack of validation input. Devamını Oku
CVE-2021-23402 (record-like-deep-assign)
All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality. Devamını Oku
CVE-2021-23402
All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality. Devamını Oku