Lucene search
GitHub Advisory DatabaseGHSA-6RJ8-9CM9-6GFFHistoryOct 19, 2022 - 7:00 p.m.
phpMyFAQ vulnerable to Cross-site Scripting
2022-10-1919:00:24
CWE-79
GitHub Advisory Database
github.com
11
phpmyfaq
cross-site scripting
vulnerable
patch
3.2.0-alpha
repository
8.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
40.6%
phpMyFAQ versions 3.1.7 and prior are vulnerable to stored cross-site scripting (XSS). A patch is available on the main branch of the repository and anticipated to be part of version 3.2.0-alpha.
Affected configurations
Node
phpmyfaqphpmyfaqRange≤3.1.7
ORthorstenphpmyfaqRange≤3.1.7
| CPE | Name | Operator | Version |
|---|---|---|---|
| phpmyfaq/phpmyfaq | le | 3.1.7 | |
| thorsten/phpmyfaq | le | 3.1.7 |
Related
cve
cve
CVE-2022-3608
2022-10-19 13:15:08
osv
osv
phpMyFAQ vulnerable to Cross-site Scripting
2022-10-19 19:00:24
CVE-2022-3608
2022-10-19 13:15:08
prion
prion
Cross site scripting
2022-10-19 13:15:00
nvd
nvd
CVE-2022-3608
2022-10-19 13:15:08
cvelist
cvelist
CVE-2022-3608 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
2022-10-19 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2022-10-20 04:29:37
huntr
huntr
Stored XSS and possible RCE/LFI in case of misconfiguration
2022-10-03 11:10:31
openvas
openvas
phpMyFAQ < 3.2.0 XSS Vulnerability
2022-11-03 00:00:00
8.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
40.6%
Related for GHSA-6RJ8-9CM9-6GFF