Stored XSS Vulnerability in PHP-Fusion 9.03.50's Preview Comment Feature

Stored XSS Vulnerability in PHP-Fusion 9.03.50's Preview Comment Feature

CVE-2020-12718 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. The protection mechanism can be bypassed by using HTML event handlers such as ontoggle.

Learn more about our Web Application Penetration Testing UK.