CVE-2021-28280

CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML
Configurations

Configuration 1 (hide)

cpe:2.3:a:php-fusion:phpfusion:9.03.110:*:*:*:*:*:*:*

History

21 Nov 2024, 05:59

Type Values Removed Values Added
References () https://anotepad.com/notes/2skndayt - Exploit, Third Party Advisory () https://anotepad.com/notes/2skndayt - Exploit, Third Party Advisory
References () https://github.com/PHPFusion/PHPFusion/commit/08d6c2ea49bd06fcce32275252f5f25abe61965c - Patch, Third Party Advisory () https://github.com/PHPFusion/PHPFusion/commit/08d6c2ea49bd06fcce32275252f5f25abe61965c - Patch, Third Party Advisory
References () https://github.com/PHPFusion/PHPFusion/commit/1c2b32321cf11ed1cd3ff835f8da0d172c849ce6 - Patch, Third Party Advisory () https://github.com/PHPFusion/PHPFusion/commit/1c2b32321cf11ed1cd3ff835f8da0d172c849ce6 - Patch, Third Party Advisory
References () https://github.com/PHPFusion/PHPFusion/commit/da9f89ae70219f357fba6fffd2dae1ec886d8a3b - Patch, Third Party Advisory () https://github.com/PHPFusion/PHPFusion/commit/da9f89ae70219f357fba6fffd2dae1ec886d8a3b - Patch, Third Party Advisory
References () https://github.com/PHPFusion/PHPFusion/commit/fda266c3bb35c650a8c4c51b6923abdfb66ef5cd - Patch, Third Party Advisory () https://github.com/PHPFusion/PHPFusion/commit/fda266c3bb35c650a8c4c51b6923abdfb66ef5cd - Patch, Third Party Advisory

25 Apr 2022, 20:16

Type Values Removed Values Added
CWE CWE-352

Information

Published : 2021-04-29 15:15

Updated : 2024-11-21 05:59


NVD link : CVE-2021-28280

Mitre link : CVE-2021-28280

CVE.ORG link : CVE-2021-28280


JSON object : View

Products Affected

php-fusion

  • phpfusion
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-352

Cross-Site Request Forgery (CSRF)