CVE-2021-28280

CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML

We have discovered 90 live websites that are affected by CVE-2021-28280.

Run a Free Instant Scan



Affected Software

Product  PHPFusion
Category Content Management System
Vulnerable Domains90 live websites (51% of PHPFusion install base)
Vulnerable Versions
  • from 0 through 9.3.110
Vulnerable Versions Count15 versions ( 75% of all versions)



Details

  • Published - Apr 29, 2021
  • Updated - Aug 3, 2024

Website Distribution by Country

Number of websites using CVE-2021-28280
United States16 websites


Netherlands16 websites
Germany15 websites
GB12 websites
Poland12 websites
Czech Republic3 websites
Denmark3 websites
Hungary2 websites
Slovakia2 websites
Belgium1 websites

Website Distribution by TLD

Number of websites using CVE-2021-28280
.com13 websites
.eu13 websites
.de10 websites
.org8 websites
.pl8 websites
.nl8 websites
.co.uk5 websites
.dk4 websites
.net3 websites
.cz2 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2021-28280

Top websites that are affected by CVE-2021-28280. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
*******.****.org Netherlands*,***,***
*********.org United States*,***,***
*******.***.la Laos*,***,***
**********.**.uk GB*,***,***
*********.com France*,***,***
******.ro Romania*,***,***
*********.pl Poland*,***,***
**********.eu Czech Republic*,***,***
********.*******.eu Poland*,***,***
***.************.nl Netherlands*,***,***
See full domain list

FAQ

A total of 90 websites have been identified as vulnerable to CVE-2021-28280, based on global website indexing conducted by WebTechSurvey.
The PHPFusion is affected by the CVE-2021-28280 vulnerability.
PHPFusion versions up to and including 9.3.110 are vulnerable to CVE-2021-28280.