CVE-2023-1886 Authentication Bypass by Capture-replay in thorsten/phpmyfaq

Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

CVE-2023-1887 Business Logic Errors in thorsten/phpmyfaq

Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

CVE-2023-1884 Cross-site Scripting (XSS) - Generic in thorsten/phpmyfaq

Cross-site Scripting XSS - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

phpMyFAQ 跨站脚本漏洞

phpMyFAQ is a multi-language, fully database-driven FAQ system by the individual developer Thorsten Rinne. A cross-site scripting vulnerability exists in phpMyFAQ versions prior to 3.1.12. An attacker can exploit this vulnerability to perform cross-site scripting attacks...

CVE-2023-1885 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq

Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

CVE-2023-1880 Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq

Cross-site Scripting XSS - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

phpMyFAQ 跨站脚本漏洞

phpMyFAQ is a multi-language, fully database-driven FAQ system by the individual developer Thorsten Rinne. A cross-site scripting vulnerability exists in phpMyFAQ versions prior to 3.1.12. An attacker can exploit this vulnerability to perform stored cross-site scripting XSS attacks...

CVE-2023-1879 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq

Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

CVE-2023-1880

PhpMyFAQ v3.1.11 is vulnerable to reflected XSS via the artlang parameter in send2friend; the issue arises from unsanitized user input in artlang. Unauthenticated users could inject scripts. The remediation is to upgrade to 3.1.12 (patched). No exploitation status is provided in the documents.

CVE-2023-1879

CVE-2023-1879 affects thorsten/phpmyfaq before version 3.1.12, where a stored XSS vulnerability exists due to improper sanitization in the updatecategory parameter. The issue can lead to execution of malicious scripts when affected data is accessed. Public documents consistently cite the fix in v...

CVE-2023-1757

CVE-2023-1757 is a stored XSS vulnerability in phpMyFAQ prior to 3.1.12. The root cause, per the linked advisory, is unsanitized input in the FAQ News link parameter, enabling stored script execution. In affected versions, an attacker could exploit this via the News link parameter; remediation is...

PT-2023-17311 · Unknown · Thorsten/Phpmyfaq

Name of the Vulnerable Software and Affected Versions: thorsten/phpmyfaq versions prior to 3.1.12 Description: The issue concerns improper access control in the thorsten/phpmyfaq GitHub repository. Specifically, when FAQ News is marked as inactive in settings and comments are enabled, it allows...

CVE-2023-1882 Cross-site Scripting (XSS) - DOM in thorsten/phpmyfaq

Cross-site Scripting XSS - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

CVE-2023-1886 Authentication Bypass by Capture-replay in thorsten/phpmyfaq

Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

CVE-2023-1878 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq

Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

CVE-2023-1886 Authentication Bypass by Capture-replay in thorsten/phpmyfaq

Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

CVE-2023-1878 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq

Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12...

phpMyFAQ 安全漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system by the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ versions prior to 3.1.12, which stems from the ability to bypass authentication via capture replay...

phpMyFAQ 跨站脚本漏洞

phpMyFAQ is a multi-language, fully database-driven FAQ system by the individual developer Thorsten Rinne. A cross-site scripting vulnerability exists in phpMyFAQ versions prior to 3.1.12, which stems from the presence of a reflected cross-site scripting XSS vulnerability...

CVE-2023-1878 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq

Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12...