Lucene search
China National Vulnerability DatabaseCNVD-2023-83071HistoryNov 02, 2023 - 12:00 a.m.
phpMyFAQ action parameter cross-site scripting vulnerability
2023-11-0200:00:00
China National Vulnerability Database
www.cnvd.org.cn
4
phpmyfaq
cross-site scripting
vulnerability
action parameter
admin
attacker
web script
html
injection
phpMyFAQ is a multi-language, fully database-driven FAQ system. A cross-site scripting vulnerability exists in versions prior to phpMyFAQ 3.2.2, which stems from the lack of effective filtering and escaping of user-supplied data in the action parameter of admin/index.php?action=, and can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a carefully crafted payload.
| CPE | Name | Operator | Version |
|---|---|---|---|
| phpmyfaq phpmyfaq | lt | 3.2.2 |
Related
osv
osv
phpMyFAQ Cross-site Scripting vulnerability
2023-10-31 03:31:21
CVE-2023-5863
2023-10-31 01:15:07
veracode
veracode
Cross-site Scripting (XSS)
2023-11-01 09:13:18
prion
prion
Cross site scripting
2023-10-31 01:15:00
huntr
huntr
Reflected XSS in /admin/index.php
2023-09-30 06:39:57
github
github
phpMyFAQ Cross-site Scripting vulnerability
2023-10-31 03:31:21
cve
cve
CVE-2023-5863
2023-10-31 01:15:07
cvelist
cvelist
CVE-2023-5863 Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq
2023-10-31 00:00:19
nvd
nvd
CVE-2023-5863
2023-10-31 01:15:07
nessus
nessus
freebsd
freebsd
phpmyfaq -- multiple vulnerabilities
2023-10-31 00:00:00
openvas
openvas
phpMyFAQ < 3.2.2 Multiple Vulnerabilities
2023-11-02 00:00:00