Description

In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. The protection mechanism can be bypassed by using HTML event handlers such as ontoggle.

Remediation

References

CVE-2020-12718

Related Vulnerabilities

WordPress Plugin PushEngage Web Push Notifications Cross-Site Scripting (1.5.8)

WebLogic Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-1000180)

MySQL Resource Management Errors Vulnerability (CVE-2010-3679)

Restlet Framework Deserialization of Untrusted Data Vulnerability (CVE-2013-4271)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-39111)

Severity

Medium

Classification

CVE-2020-12718 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities