CVE-2021-28280

MEDIUM
Published Apr 29, 2021 (5y ago) · Modified Jun 17, 2026 (2w ago)
6.1 CVSS 3.1

Description

CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML.

CVSS Details

Base Score: 6.1
Exploitability: 2.8
Impact: 2.7
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 2

CWE-352 Cross-Site Request Forgery (CSRF) · Authentication
CWE-79 Cross-site Scripting · Injection

Affected Products 1

Vendor        Product      Version     Range
php-fusion    phpfusion    9.03.110    any

References 5

  • anotepad.com https://anotepad.com/notes/2skndayt
    Exploit, Third Party Advisory
  • github.com https://github.com/PHPFusion/PHPFusion/commit/08d6c2ea49bd06fcce32275252f5f25abe61965c
    Patch, Third Party Advisory
  • github.com https://github.com/PHPFusion/PHPFusion/commit/1c2b32321cf11ed1cd3ff835f8da0d172c849ce6
    Patch, Third Party Advisory
  • github.com https://github.com/PHPFusion/PHPFusion/commit/da9f89ae70219f357fba6fffd2dae1ec886d8a3b
    Patch, Third Party Advisory
  • github.com https://github.com/PHPFusion/PHPFusion/commit/fda266c3bb35c650a8c4c51b6923abdfb66ef5cd
    Patch, Third Party Advisory

Remediation

  • github.com https://github.com/PHPFusion/PHPFusion/commit/08d6c2ea49bd06fcce32275252f5f25abe61965c
    Patch, Third Party Advisory
  • github.com https://github.com/PHPFusion/PHPFusion/commit/1c2b32321cf11ed1cd3ff835f8da0d172c849ce6
    Patch, Third Party Advisory
  • github.com https://github.com/PHPFusion/PHPFusion/commit/da9f89ae70219f357fba6fffd2dae1ec886d8a3b
    Patch, Third Party Advisory
  • github.com https://github.com/PHPFusion/PHPFusion/commit/fda266c3bb35c650a8c4c51b6923abdfb66ef5cd
    Patch, Third Party Advisory