The component /php-fusion/infusions/shoutbox_panel/shoutbox_archive.php in PHP-Fusion 9.03.60 allows attackers to redirect victim users to malicious websites via a crafted payload entered into the Shoutbox message panel.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23182
Reference (s):
- https://github.com/phpfusion/PHPFusion/issues/2329