CVE-2023-53928

PHPFusion 9.10.30 Stored Cross-Site Scripting via File Manager Upload

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.1EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

17 dez 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

PHPFusion 9.10.30 contains a stored cross-site scripting vulnerability in the file manager that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload SVG files with script tags that execute arbitrary JavaScript when viewed, potentially stealing user session information or performing client-side attacks.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Produtos afetados

Php-fusion · PHPFusion

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.exploit-db.com/exploits/51411 https://www.phpfusion.com/index.php https://www.vulncheck.com/advisories/phpfusion-stored-cross-site-scripting-via-file-manager-upload