Description

In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. The protection mechanism can be bypassed by using HTML event handlers such as ontoggle.

Remediation

References

CVE-2020-12718

Related Vulnerabilities

WordPress Plugin WP-Backgrounds Lite Cross-Site Request Forgery (2.3)

WordPress Anti-CSRF Token Security Bypass Weakness (3.3.1)

PHP Other Vulnerability (CVE-2007-1396)

WordPress Plugin Tutor LMS Elementor Addons Cross-Site Scripting (2.1.3)

Python Improper Input Validation Vulnerability (CVE-2018-20852)

Severity

Medium

Classification

CVE-2020-12718 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities