CVE-2020-36996

PHPFusion 9.03.50 - Persistent Cross-Site Scripting

PHPFusion 9.03.50 contains a persistent cross-site scripting vulnerability in the print.php page that fails to properly sanitize user-submitted message content. Attackers can inject malicious JavaScript through forum messages that will execute when the print page is generated, allowing script execution in victim browsers.

We have discovered 79 live websites that are affected by CVE-2020-36996.

Run a Free Instant Scan



Affected Software

Product  PHPFusion
Category Content Management System
Vulnerable Domains79 live websites (44% of PHPFusion install base)
Vulnerable Versions
  • from 0 through 9.3.50
Vulnerable Versions Count11 versions ( 55% of all versions)



Details

  • Published - Jan 30, 2026
  • Updated - Mar 5, 2026

Credits

  • coiffeur (finder)

Website Distribution by Country

Number of websites using CVE-2020-36996
United States11 websites


Netherlands16 websites
Germany13 websites
GB12 websites
Poland11 websites
Denmark3 websites
Czech Republic2 websites
Slovakia2 websites
Belgium1 websites
China1 websites

Website Distribution by TLD

Number of websites using CVE-2020-36996
.eu13 websites
.com11 websites
.de10 websites
.nl8 websites
.pl7 websites
.co.uk5 websites
.dk4 websites
.org3 websites
.info2 websites
.net2 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2020-36996

Top websites that are affected by CVE-2020-36996. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
*******.****.org Netherlands*,***,***
*******.***.la Laos*,***,***
**********.**.uk GB*,***,***
*********.com France*,***,***
******.ro Romania*,***,***
*********.pl Poland*,***,***
**********.eu Czech Republic*,***,***
********.*******.eu Poland*,***,***
***.************.nl Netherlands*,***,***
**************.nl Netherlands**,***,***
See full domain list

FAQ

A total of 79 websites have been identified as vulnerable to CVE-2020-36996, based on global website indexing conducted by WebTechSurvey.
The PHPFusion is affected by the CVE-2020-36996 vulnerability.
PHPFusion versions up to and including 9.3.50 are vulnerable to CVE-2020-36996.