CNNVD-202602-817 Information
Feb 05, 2026
cve
CNNVD ID
CNNVD-202602-817
Related CVE
- CNNVD Published: 2026-02-05
Description (Chinese)
PHPFusion是马来西亚PHPFusion公司的一套基于MySql和PHP的开源轻量级内容管理系统。该系统包含新闻、文章和论坛等模块。 PHPFusion 9.03.50版本存在跨站脚本漏洞,该漏洞源于panels.php中panel_content参数输入清理不当,可能导致跨站脚本攻击。
Description (English)
PHPFusion is an open-source lightweight content management system based on MySql and PHP by PHP Malaysia. The system contains modules such as news, articles and forums. PHPFusion version 9.03.50 has a cross-site script loophole, which stems from the inappropriate clean-up of Panel content parameters in panels.php and may result in a cross-site script attack.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
PHPFusion
Published
2026-02-05
Last Modified
2026-02-24
References
https://www.exploit-db.com/exploits/48299 https://www.php-fusion.co.uk/ https://www.vulncheck.com/advisories/php-fusion-panelsphp-cross-site-scripting-xss