phpMyFAQ vulnerable to Cross-site Scripting

2022-10-1919:00:24

Google

osv.dev

phpmyfaq

cross-site scripting

vulnerable

patch

version 3.2.0-alpha

8.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

40.6%

JSON

phpMyFAQ versions 3.1.7 and prior are vulnerable to stored cross-site scripting (XSS). A patch is available on the main branch of the repository and anticipated to be part of version 3.2.0-alpha.

CPENameOperatorVersion
phpmyfaq/phpmyfaqeq2.8.15
phpmyfaq/phpmyfaqeq2.9.13
phpmyfaq/phpmyfaqeq2.9.11
phpmyfaq/phpmyfaqeq2.8.4
thorsten/phpmyfaqeq2.8.24
thorsten/phpmyfaqeq2.9.0-rc2
thorsten/phpmyfaqeq3.1.0-alpha
thorsten/phpmyfaqeq3.0.0-beta
phpmyfaq/phpmyfaqeq2.10.0-alpha
thorsten/phpmyfaqeq2.9.5

Name	Operator	Version
phpmyfaq/phpmyfaq	eq	2.8.15
phpmyfaq/phpmyfaq	eq	2.9.13
phpmyfaq/phpmyfaq	eq	2.9.11
phpmyfaq/phpmyfaq	eq	2.8.4
thorsten/phpmyfaq	eq	2.8.24
thorsten/phpmyfaq	eq	2.9.0-rc2
thorsten/phpmyfaq	eq	3.1.0-alpha
thorsten/phpmyfaq	eq	3.0.0-beta
phpmyfaq/phpmyfaq	eq	2.10.0-alpha
thorsten/phpmyfaq	eq	2.9.5