Lucene search

GitHub Advisory DatabaseGHSA-C38P-VW6J-QJPR

HistoryFeb 12, 2023 - 3:30 p.m.

Cross-site Scripting in thorsten/phpmyfaq

2023-02-1215:30:25

CWE-79

GitHub Advisory Database

github.com

cross-site scripting

github

repository

thorsten

phpmyfaq

version 3.1.11

software

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

0.001 Low

EPSS

Percentile

21.2%

JSON

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

Affected configurations

Vulners

Node

thorstenphpmyfaqRange<3.1.11

CPENameOperatorVersion
thorsten/phpmyfaqlt3.1.11

CPE	Name	Operator	Version
	thorsten/phpmyfaq	lt	3.1.11

References

github.com/advisories/GHSA-c38p-vw6j-qjpr

github.com/thorsten/phpmyfaq/commit/26663efcb0b67e421e4ecccad8f19e7106bb03ce

huntr.dev/bounties/7152b340-c6f3-4ac8-9f62-f764a267488d

nvd.nist.gov/vuln/detail/CVE-2023-0791

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

0.001 Low

EPSS

Percentile

21.2%

JSON

Related for GHSA-C38P-VW6J-QJPR