Lucene search

@huntrdevCVELIST:CVE-2022-4408

HistoryDec 11, 2022 - 12:00 a.m.

CVE-2022-4408 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq

2022-12-1100:00:00

CWE-79

@huntrdev

www.cve.org

cross-site scripting

stored

github repository

thorsten/phpmyfaq

prior to 3.1.9

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

20.3%

JSON

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.9.

CNA Affected

[
  {
    "vendor": "thorsten",
    "product": "thorsten/phpmyfaq",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "3.1.9",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/thorsten/phpmyfaq/commit/e2ea332a2b5e798f2c39203b2489a2dabe831751

huntr.dev/bounties/2ec4ddd4-de22-4f2d-ba92-3382b452bfea

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

20.3%

JSON

Related for CVELIST:CVE-2022-4408