Stored XSS Vulnerability in PHP-Fusion 9.03.50's Preview Comment Feature
CVE-2020-12718 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. The protection mechanism can be bypassed by using HTML event handlers such as ontoggle.
Learn more about our Web Application Penetration Testing UK.