CNNVD-202512-3243 Information

CNNVD ID

CNNVD-202512-3243

CVE-2023-53928

  • CNNVD Published: 2025-12-17

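Description (translated from Chinese)

PHPFusion is an open-source, lightweight content management system based on MySQL and PHP, developed by the Malaysian company PHPFusion. The system includes modules such as news, articles and forums. PHPFusion version 9.10.30 contains a cross-site scripting vulnerability: the file manager allows the upload of malicious SVG files with embedded JavaScript, which can lead to stored cross-site scripting attacks.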

Description (English)

PHPFusion is an open-source lightweight content management system based on MySQL and PHP, from the PHPFusion company of Malaysia. The system contains modules such as news, articles and forums. Version 9.10.30 of PHPFusion has a cross-site scripting vulnerability, which stems from the fact that the file manager allows the uploading of malicious SVG files with embedded JavaScript, which could lead to a stored cross-site scripting attack.

Hazard Level

High

Vulnerability Type

Cross-site scripting

Affected Vendor

PHPFusion

Published

2025-12-17

Last Modified

2026-02-24

References

  • https://www.exploit-db.com/exploits/51411
  • https://www.phpfusion.com/index.php
  • https://www.vulncheck.com/advisories/phpfusion-stored-cross-site-scripting-via-file-manager-upload
  • https://access.redhat.com/security/cve/cve-2023-53928
