CVE-2020-23182

Name of the Vulnerable Software and Affected Versions PHP-Fusion version 9.03.60

Description The issue allows attackers to redirect victim users to malicious websites via a crafted payload entered into the Shoutbox message panel in the /php-fusion/infusions/shoutbox panel/shoutbox archive.php component.

Recommendations For PHP-Fusion version 9.03.60, consider restricting access to the Shoutbox message panel until a fix is available, and avoid using the Shoutbox feature with untrusted input. At the moment, there is no information about a newer version that contains a fix for this vulnerability.