Lucene search
K

12 matches found

OSV
OSV
added 2024/03/25 7:45 p.m.19 views

GHSA-6P68-36M6-392R phpMyFAQ Stored Cross-site Scripting at FAQ News Content

Summary By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. PoC 1. Edit a FAQ news, intercept the request and modify the news parameter in the POST body with the following...

4.3CVSS5.5AI score0.00542EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2024/03/25 7:45 p.m.28 views

phpMyFAQ Stored Cross-site Scripting at FAQ News Content

Summary By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. PoC 1. Edit a FAQ news, intercept the request and modify the news parameter in the POST body with the following...

5.4CVSS6.5AI score0.00542EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/25 6:41 p.m.19 views

CVE-2024-28106 phpMyFAQ Stored XSS at FAQ News Content

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability i...

4.3CVSS6.2AI score0.00542EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/03/25 6:41 p.m.59 views

CVE-2024-28106 phpMyFAQ Stored XSS at FAQ News Content

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability i...

4.3CVSS5AI score0.00542EPSS
Exploits1References2
OSV
OSV
added 2023/05/31 3:30 a.m.20 views

GHSA-974Q-4VVR-VG9C thorsten/phpmyfaq vulnerable to cross-site scripting

In thorsten/phpmyfaq prior to 3.1.14, when admins create a FAQ News, they can pass xss to the "text of the record" section...

6CVSS6AI score0.00521EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/05/31 3:30 a.m.16 views

thorsten/phpmyfaq vulnerable to cross-site scripting

In thorsten/phpmyfaq prior to 3.1.14, when admins create a FAQ News, they can pass xss to the "text of the record" section...

6.1CVSS6.1AI score0.00521EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/04/05 6:30 p.m.20 views

GHSA-JVJX-QQH7-6X6C thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via FAQ News link parameter

thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting XSS because it fails to sanitize user input in the FAQ News link parameter. This has been fixed in 3.1.12...

8.1CVSS5.3AI score0.00532EPSS
Exploits1References4
OSV
OSV
added 2023/04/05 6:30 p.m.17 views

GHSA-2WJP-W7G7-H63Q thorsten/phpmyfaq vulnerable to improper access control

thorsten/phpmyfaq prior to 3.1.12 is vulnerable to improper access control when FAQ News is marked as inactive in settings and have comments enabled, allowing comments to be posted on inactive FAQs. This has been fixed in 3.1.12...

5.4CVSS5.6AI score0.00492EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2023/04/05 6:30 p.m.31 views

thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via FAQ News link parameter

thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting XSS because it fails to sanitize user input in the FAQ News link parameter. This has been fixed in 3.1.12...

8.1CVSS5AI score0.00532EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/05 6:30 p.m.21 views

thorsten/phpmyfaq vulnerable to improper access control

thorsten/phpmyfaq prior to 3.1.12 is vulnerable to improper access control when FAQ News is marked as inactive in settings and have comments enabled, allowing comments to be posted on inactive FAQs. This has been fixed in 3.1.12...

5.4CVSS5.6AI score0.00492EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2018/08/28 5:29 p.m.20 views

CVE-2014-6046

Multiple cross-site request forgery CSRF vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that 1 delete active users by leveraging improper validation of CSRF tokens or that 2 delete open questions, 3 activate users, 4...

8.8CVSS9.1AI score0.01932EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/08/28 5:0 p.m.26 views

CVE-2014-6046

Multiple cross-site request forgery CSRF vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that 1 delete active users by leveraging improper validation of CSRF tokens or that 2 delete open questions, 3 activate users, 4...

9.2AI score0.01932EPSS
Exploits0References2
Rows per page
Query Builder