CVE-2023-53928
Stored XSS in PHPFusion File Manager via Malicious SVG Upload
Publication date: 2025-12-17
Last updated on: 2025-12-18
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phpfusion | phpfusion | 9.10.30 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of malicious SVG files uploaded to the PHPFusion file manager, specifically SVG files containing embedded JavaScript <script> tags. One way to detect this is to inspect uploaded SVG files for script tags. Additionally, monitoring HTTP POST requests to the file upload endpoint `/files/includes/elFinder/php/connector.php` with multipart/form-data encoding containing SVG files can help identify exploit attempts. For example, you can use commands like `grep -r '<script' /path/to/phpfusion/uploads/` to find SVG files with embedded scripts. Network monitoring tools can be used to detect POST requests to the vulnerable upload URL. Also, reviewing access logs for requests to `/files/administration/file_manager.php` with admin session parameters may help identify suspicious activity. [2]
Can you explain this vulnerability to me?
This vulnerability is a stored cross-site scripting (XSS) issue in PHPFusion 9.10.30's file manager. It allows attackers to upload malicious SVG files containing embedded JavaScript. When these SVG files are viewed, the embedded script executes arbitrary JavaScript code.
How can this vulnerability impact me? :
The vulnerability can lead to attackers stealing user session information or performing other client-side attacks by executing arbitrary JavaScript in the context of the affected application.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting or disabling SVG file uploads in the PHPFusion file manager, especially if SVG files are not required. If SVG uploads are necessary, implement strict server-side validation and sanitization to remove any embedded JavaScript or script tags from SVG files before allowing them to be stored. Additionally, apply access controls to limit who can upload files, ensuring only trusted users with appropriate privileges can do so. Monitoring and removing any existing malicious SVG files from the server is also recommended. Finally, keep PHPFusion updated and monitor for any official patches or security updates addressing this vulnerability. [1, 2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows attackers to execute arbitrary JavaScript in users' browsers by uploading malicious SVG files, potentially leading to theft of user session information. This could result in unauthorized access to personal data, which may violate data protection regulations such as GDPR or HIPAA by compromising confidentiality and user privacy. However, specific impacts on compliance are not detailed in the provided resources. [1, 2]