PT-2026-6591 · Unknown · Php-Fusion
Unkn0Wn · Published 2026-02-05 · Updated 2026-02-05 · CVE-2020-37152
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
PHP-Fusion version 9.03.50
Description
The application does not properly sanitize user input before rendering it in a browser, which allows attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted input to the panel content POST parameter in the 'panels.php' file, resulting in the execution of malicious scripts within the context of the affected site.
Recommendations
Update to a newer version that contains a fix for this vulnerability.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Php-Fusion