CVE-2023-53928

Name of the Vulnerable Software and Affected Versions PHPFusion version 9.10.30

Description The software contains a stored cross-site scripting issue in the file manager. Attackers can upload malicious SVG files containing embedded JavaScript. These files, when viewed, can execute arbitrary JavaScript, potentially leading to the theft of user session information or other client-side attacks. The vulnerability is triggered by uploading SVG files with script tags.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.