PT-2020-6332 · Unknown · Php-Fusion

Songohan22 · Published 2020-05-14 · Updated 2021-07-06 · CVE-2020-23179

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: PHP-Fusion version 9.03.50
Description: A stored cross-site scripting (XSS) vulnerability in administration/settings_main.php allows an authenticated attacker who can edit site settings to execute arbitrary web script or HTML in other users' browsers via a crafted payload entered into the Site footer field. The submitted value is stored and later placed into the generated page without being neutralized, so the payload runs for any visitor who loads a page that includes the footer; this is why the score carries a changed scope (S:C) and requires user interaction (UI:R).
Recommendations: For PHP-Fusion version 9.03.50, restrict access to administration/settings_main.php to trusted administrators, because the attack requires an account that is permitted to edit site settings. Until a patch is available, avoid using the Site footer field, or disable editing of it, so that no attacker-controlled markup can be stored there, and review the currently stored footer value for unexpected script or HTML.
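The defect described above, as an added illustration that is not PHP-Fusion's code: a stored setting is written straight into the page, beside the same render with output encoding applied. The settings array, the function names render_footer_vulnerable(), render_footer_fixed() and footer_reflects_raw_tag(), and the payload are all constructed for this example; that the real bug is missing output encoding of the footer is an assumption drawn from the description.

```php
<?php
// Added illustration, not PHP-Fusion code. The $settings array stands in for the
// stored site settings an administrator can edit; the payload is constructed.
$settings = [
    'sitename' => 'Example site',
    // What an attacker with settings rights could save in the Site footer field.
    'footer'   => 'Powered by Example <img src=x onerror="alert(document.cookie)">',
];

// Vulnerable pattern: the stored value is concatenated into the page as-is.
// Every visitor's browser parses the <img> tag and runs its onerror handler.
function render_footer_vulnerable(array $settings): string
{
    return '<footer>' . $settings['footer'] . '</footer>';
}

// Hardened pattern: encode the value for the HTML text context at output time.
// ENT_QUOTES encodes both quote styles so the value is also safe inside attributes;
// ENT_SUBSTITUTE avoids returning an empty string when the input is not valid UTF-8.
function render_footer_fixed(array $settings): string
{
    $safe = htmlspecialchars($settings['footer'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<footer>' . $safe . '</footer>';
}

// Check: does an executable tag from the stored value survive into the output?
// Returns true when the page is vulnerable and false when the value was encoded.
function footer_reflects_raw_tag(string $html, string $marker): bool
{
    return strpos($html, $marker) !== false;
}

$marker = '<img src=x onerror=';
printf("vulnerable render: %s\n", render_footer_vulnerable($settings));
printf("hardened render:   %s\n", render_footer_fixed($settings));
var_dump(footer_reflects_raw_tag(render_footer_vulnerable($settings), $marker)); // bool(true)
var_dump(footer_reflects_raw_tag(render_footer_fixed($settings), $marker));      // bool(false)
```

One caveat when applying this kind of fix to a footer: site footers often legitimately contain links and other markup, and full encoding removes that ability. If markup must remain allowed, the value should instead pass through an allowlist HTML sanitizer before storage or output; escaping with htmlspecialchars() is the right fix only when the field is meant to hold plain text.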

Weakness Enumeration

XSS

Related Identifiers

BDU:2021-04204
CVE-2020-23179

Affected Products

Php-Fusion