Lucene search
K

7 matches found

Cvelist
Cvelist
added yesterday4 views

CVE-2026-57994 phpMyFAQ - Information Disclosure of Inactive FAQ Content via Public API Endpoints

phpMyFAQ before 4.1.5 applies inconsistent active=yes and publication-date filtering across its public FAQ API endpoints, allowing unauthenticated attackers to retrieve inactive draft or review-only FAQ content. Specifically, GET /api/v3.1/faq/categoryId/faqId returns the inactive FAQ title and...

6.9CVSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/30 6:20 p.m.6 views

CVE-2025-57425

A Stored Cross-Site Scripting XSS vulnerability in SourceCodester FAQ Management System 1.0 allows an authenticated attacker to inject malicious JavaScript into the 'question' and 'answer' fields via the update-faq.php endpoint...

6.1CVSS5.4AI score0.00269EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/08/26 12:0 a.m.5 views

PT-2025-34788 · Sourcecodester · Faq Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester FAQ Management System version 1.0 Description: A Stored Cross-Site Scripting XSS vulnerability exists in the FAQ Management System. An authenticated attacker can inject malicious JavaScript into the question and answer fields...

6.1CVSS5.2AI score0.00269EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2024/05/29 12:0 a.m.5 views

The vulnerability of the FAQ Management System’s /endpoint/delete-faq.php script allows a hacker to execute arbitrary SQL queries against the database.

The vulnerability of the Add FAQ component of the management system’s FAQ module often stems from the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries against the database remotely...

6.4CVSS5.9AI score0.00492EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2024/03/01 4:15 p.m.3 views

CVE-2024-2070

A vulnerability classified as problematic was found in SourceCodester FAQ Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-faq.php. The manipulation of the argument question/answer leads to cross site scripting. The attack can be launched...

6.1CVSS3.8AI score0.00498EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/03/01 12:0 a.m.12 views

PT-2024-18694 · Sourcecodester · Sourcecodester Loan Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester FAQ Management System version 1.0 Description: A critical issue has been found in the system, affecting an unknown function of the file /endpoint/delete-faq.php. The manipulation of the faq argument leads to sql injection,...

6.5CVSS6.7AI score0.00519EPSS
Exploits1References6
CNNVD
CNNVD
added 2024/03/01 12:0 a.m.4 views

FAQ Management System Cross-Site Scripting Vulnerability

FAQ Management System is a frequently asked questions management system by Remy Andrade, an individual developer. A cross-site scripting vulnerability exists in version 1.0 of the FAQ Management System, which stems from the parameter question/answer in the file /endpoint/add-faq.php, which result...

6.1CVSS6AI score0.00498EPSS
Exploits1References4
Rows per page
Query Builder