PT-2020-13112 · Php Fusion · Php-Fusion

Published: 2020-04-28 · Updated: 2020-05-05 · CVE-2020-12438

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: PHP-Fusion version 9.03.50
Description: A cross-site scripting (XSS) vulnerability exists in the banners.php page. The only sanitisation applied to banner content is the removal of SCRIPT tags. That blacklist is bypassed by submitting ordinary HTML elements that carry JavaScript in an event-handler attribute (for example an onerror or onload handler), which the browser executes when the banner is rendered. An authenticated user with access to the page (PR:L in the vector) can therefore store script that runs in the browser of any user who views the banner (UI:R, S:C), with the limited confidentiality and integrity impact typical of stored XSS (C:L/I:L).
Recommendations: For PHP-Fusion version 9.03.50, restrict access to banners.php to trusted administrators, or disable the page, until a vendor fix is applied. Do not rely on stripping event handlers by pattern as the stopgap: attribute blacklists are bypassed as easily as the SCRIPT-tag filter was. Instead, pass banner content through an allow-list HTML sanitiser that keeps only known-safe tags and attributes, or, if banners do not need markup at all, HTML-encode them on output.
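The following is an added example, not PHP-Fusion's code. It models the weak filter the advisory describes (removal of SCRIPT tags only) beside an allow-list sanitiser of the kind the recommendation calls for, and runs constructed event-handler payloads through both. The tag and attribute allow-list, the helper names and the payloads are assumptions chosen for illustration.

```php
<?php
// Added example (not PHP-Fusion's code). Models the SCRIPT-tag-only filter from the
// advisory beside an allow-list sanitiser, and feeds constructed payloads to both.

// Weak filter: a tag blacklist. It only knows about <script>, so markup that carries
// its JavaScript in an attribute passes through untouched.
function weak_strip_script(string $html): string
{
    $html = preg_replace('#<script\b[^>]*>.*?</script>#is', '', $html);
    return preg_replace('#</?script\b[^>]*>#i', '', $html);
}

// Allow-list (assumed for this example): only these tags, and only these attributes
// on them, survive. Every on* handler is dropped simply because none is listed.
const BANNER_ALLOWED = [
    'a'   => ['href', 'title'],
    'img' => ['src', 'alt', 'width', 'height'],
    'b'   => [], 'i' => [], 'p' => [], 'br' => [],
];

// URL attributes must be relative or http(s). Whitespace and control characters are
// stripped first because browsers ignore them inside a scheme ("java\tscript:").
function safe_url(string $url): bool
{
    $url = preg_replace('/[\x00-\x20]/', '', $url);
    if (preg_match('#^([a-z][a-z0-9+.\-]*):#i', $url, $m)) {
        return in_array(strtolower($m[1]), ['http', 'https'], true);
    }
    return true;
}

function sanitize_children(DOMNode $node): void
{
    $children = iterator_to_array($node->childNodes);   // copy: we mutate while walking
    foreach ($children as $child) {
        if ($child instanceof DOMElement) {
            $tag = strtolower($child->tagName);
            if (!isset(BANNER_ALLOWED[$tag])) {          // <script>, <svg>, <iframe>, ...
                $node->removeChild($child);
                continue;
            }
            foreach (iterator_to_array($child->attributes) as $attr) {
                $name = strtolower($attr->name);
                $keep = in_array($name, BANNER_ALLOWED[$tag], true)
                    && (!in_array($name, ['href', 'src'], true) || safe_url($attr->value));
                if (!$keep) {
                    $child->removeAttribute($attr->name);
                }
            }
            sanitize_children($child);
        } elseif (!$child instanceof DOMText) {           // comments, PIs, CDATA
            $node->removeChild($child);
        }
    }
}

function allowlist_sanitize(string $html): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);                    // tolerate sloppy banner markup
    $doc->loadHTML('<!DOCTYPE html><html><head><meta charset="utf-8"></head><body>'
        . $html . '</body></html>');
    libxml_clear_errors();
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) {
        return '';
    }
    sanitize_children($body);
    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);                  // re-serialised from the DOM
    }
    return $out;
}

// Constructed payloads of the kind the advisory describes: no <script> tag anywhere.
$payloads = [
    '<img src=x onerror="alert(document.cookie)">',
    '<a href="javascript:alert(1)" onmouseover="alert(2)">offer</a>',
    '<svg onload="alert(3)"><p>banner</p></svg>',
];
foreach ($payloads as $p) {
    echo "weak : ", weak_strip_script($p), "\n";   // handler survives unchanged
    echo "allow: ", allowlist_sanitize($p), "\n";  // handler and javascript: URL removed
}
```

The allow-list version works on the parsed DOM rather than on the raw string, so entity-encoded schemes and malformed tags are seen as the browser would see them. In production, a maintained library such as HTML Purifier is preferable to a hand-rolled walker; and if banners never need markup, `htmlspecialchars($s, ENT_QUOTES, 'UTF-8')` at output is simpler and stronger than any sanitiser.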

Exploit · Fix · XSS


Weakness Enumeration

Related Identifiers: CVE-2020-12438

Affected Products: Php-Fusion