PT-2021-10940 · Unknown · Php-Fusion

Published: 2021-11-02 · Updated: 2021-11-03 · CVE-2020-23754

CVSS v3.1: 9.6 (Critical)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: PHP-Fusion version 9.03.50
Description: The issue is a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via the polls feature. It is reachable through the poll_admin.php file in the infusions/member_poll_panel directory.
Recommendations: For PHP-Fusion version 9.03.50, consider disabling the polls feature until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the poll_admin.php file to minimize the risk of arbitrary code execution.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2020-23754

Affected Products

Php-Fusion