CVE-2023-1883

Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

Improper access control

Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

Cross site scripting

Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

Authentication flaw

Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

Cross site scripting

Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

Code injection

Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

Cross site scripting

Cross-site Scripting XSS - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

CVE-2023-1757

Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

CVE-2023-1758

Failure to Sanitize Special Elements into a Different Plane Special Element Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

CVE-2023-1756

Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

Cross site scripting

Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

Cross site scripting

Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

PT-2023-17306 · Thorsten · Phpmyfaq

Name of the Vulnerable Software and Affected Versions: thorsten/phpmyfaq versions prior to 3.1.12 Description: The issue is related to stored Cross-site Scripting XSS due to the failure to sanitize user input in the adminlog. This has been fixed in version 3.1.12. Recommendations: For versions...

CVE-2023-1880 Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq

Cross-site Scripting XSS - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

CVE-2023-1756 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq

Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

CVE-2023-1887 Business Logic Errors in thorsten/phpmyfaq

Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

CVE-2023-1887

CVE-2023-1887 affects thorsten/phpmyfaq prior to 3.1.12. The vulnerability stems from business logic errors that let users with edit-only permissions add/delete categories and add FAQs. The issue is fixed in version 3.1.12. Affected versions before 3.1.12 should upgrade to 3.1.12 or apply the ven...

CVE-2023-1884

CVE-2023-1884 affects thorsten/phpmyfaq prior to version 3.1.12, with a cross-site scripting (XSS) vulnerability in the stopword parameter due to insufficient input sanitization. The issue is fixed in 3.1.12. Affected versions: before 3.1.12; impact is XSS as described in multiple sources (GHSA e...

phpMyFAQ 跨站脚本漏洞

phpMyFAQ is a multi-language, fully database-driven FAQ system by the individual developer Thorsten Rinne. A cross-site scripting vulnerability exists in phpMyFAQ versions prior to 3.1.12, which stems from the presence of a stored cross-site scripting XSS vulnerability...

PT-2023-17307 · Unknown · Thorsten/Phpmyfaq

Name of the Vulnerable Software and Affected Versions: thorsten/phpmyfaq versions prior to 3.1.12 Description: The issue is related to stored Cross-site Scripting XSS due to the failure to sanitize user input in the updatecategory parameter. This allows for the storage of malicious scripts that c...