CVE-2023-53928

PHPFusion 9.10.30 Stored Cross-Site Scripting via File Manager Upload

PHPFusion 9.10.30 contains a stored cross-site scripting vulnerability in the file manager that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload SVG files with script tags that execute arbitrary JavaScript when viewed, potentially stealing user session information or performing client-side attacks.

We have discovered 44 live websites that are affected by CVE-2023-53928.

Run a Free Instant Scan



Affected Software

Product  PHPFusion
Category Content Management System
Vulnerable Domains44 live websites (25% of PHPFusion install base)
Vulnerable Versions
  • from 9.10.30 through 9.10.30
Vulnerable Versions Count1 versions ( 5.00% of all versions)



Details

  • Published - Dec 17, 2025
  • Updated - Apr 7, 2026

Credits

  • Mirabbas Ağalarov (finder)

Website Distribution by Country

Number of websites using CVE-2023-53928
United States8 websites


Germany8 websites
GB4 websites
Hungary4 websites
Poland4 websites
Denmark3 websites
Italy2 websites
Russia2 websites
Czech Republic1 websites

Website Distribution by TLD

Number of websites using CVE-2023-53928
.com12 websites
.de4 websites
.dk3 websites
.org3 websites
.ru2 websites
.net2 websites
.nl2 websites
.pl2 websites
.co.uk1 websites
.cz1 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2023-53928

Top websites that are affected by CVE-2023-53928. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
*******.de Germany*,***,***
*********.cz Czech Republic*,***,***
*****.ir Iran*,***,***
***********.com United States*,***,***
**************.de Germany*,***,***
***********.com GB**,***,***
******.*****.hu Hungary**,***,***
******.hu Hungary**,***,***
*************.ru Russia**,***,***
*****.**.uk GB**,***,***
See full domain list

FAQ

A total of 44 websites have been identified as vulnerable to CVE-2023-53928, based on global website indexing conducted by WebTechSurvey.
The PHPFusion is affected by the CVE-2023-53928 vulnerability.
PHPFusion versions up to and including 9.10.30 are vulnerable to CVE-2023-53928.