CVE-2020-37152

PHP-Fusion 9.03.50 panels.php - Cross-Site Scripting (XSS)

PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via the 'panel_content' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted input to the 'panel_content' field in panels.php, resulting in execution of malicious scripts in the context of the affected site.


We have discovered 2 live websites that are affected by CVE-2020-37152.

Affected Software

Product                    PHPFusion
Category                   Content Management System
Vulnerable Domains         2 live websites (1.12% of PHPFusion install base)
Vulnerable Versions
  • from 9.3.50 through 9.3.50
Vulnerable Versions Count  1 version (5.00% of all versions)



Details

  • Published - Feb 5, 2026
  • Updated - Mar 5, 2026

Credits

  • Unkn0wn (exploit author) (finder)

Website Distribution by Country

Number of websites affected by CVE-2020-37152
Germany  1 website
Hungary  1 website

Website Distribution by TLD

Number of websites affected by CVE-2020-37152
.de  1 website

Websites affected by CVE-2020-37152

Top websites that are affected by CVE-2020-37152.
Domain                     Country  Rank        Contacts
**********************.de  Germany  **,***,***
**********.hu              Hungary  **,***,***

FAQ

A total of 2 websites have been identified as vulnerable to CVE-2020-37152, based on global website indexing conducted by WebTechSurvey.
PHPFusion is affected by the CVE-2020-37152 vulnerability.
PHPFusion versions up to and including 9.3.50 are vulnerable to CVE-2020-37152.