Security Advisory

CVE-2020-12438

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-04-28 20:51:35

Last updated 2024-08-04 11:56:51

Assigner mitre

State PUBLISHED

Description

An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT tags.

← Browse all CVEs View on cve.org ↗