CVE-2023-1757 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12...
PT-2023-17315 · Thorsten · Phpmyfaq
Name of the Vulnerable Software and Affected Versions: thorsten/phpmyfaq versions prior to 3.1.12 Description: The issue concerns business logic errors in the thorsten/phpmyfaq GitHub repository. Specifically, users with edit-only permissions could add and delete categories and add FAQs, despite...
PT-2023-17314 · Unknown · Thorsten/Phpmyfaq
Name of the Vulnerable Software and Affected Versions: thorsten/phpmyfaq versions prior to 3.1.12 Description: The issue allows for authentication bypass by capture-replay, enabling unlimited comments to be sent. This has been fixed in version 3.1.12. Recommendations: For versions prior to 3.1.12...
CVE-2023-1883 Improper Access Control in thorsten/phpmyfaq
Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12...
CVE-2023-1879 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12...
CVE-2023-1757 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12...
CVE-2023-1879 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12...
phpMyFAQ Access Control Error Vulnerability
phpMyFAQ is a multilingual, fully database-driven FAQ system by the individual developer Thorsten Rinne. An Access Control Error vulnerability exists in versions prior to phpMyFAQ 3.1.12, which stems from improper access control...
CVE-2023-1886
CVE-2023-1886 affects thorsten/phpMyFAQ prior to version 3.1.12. Authentication bypass by capture-replay is documented in multiple feeds (GitHub commit, GHSA advisory, OSV). The underlying issue allows bypassing login to perform actions such as posting comments, with CVSS 3.1 scores indicating hi...
CVE-2023-1885
CVE-2023-1885 affects thorsten/phpmyfaq prior to 3.1.12. The vulnerability is a stored XSS caused by failure to sanitize user input in the category field name parameter, enabling script execution when affected data is viewed. Remediation: upgrade to version 3.1.12 (fixed). Multiple sources in the...
CVE-2023-1882
thorsten/phpmyfaq before version 3.1.12 is vulnerable to DOM-based XSS caused by unsanitized input in the configuration privacy note URL parameter. This has been fixed in 3.1.12. Affected scope: software prior to 3.1.12; impact is client-side code execution via the DOM. Remediation: upgrade to 3....
CVE-2023-1757 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12...
CVE-2023-1756 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12...
phpMyFAQ < 3.1.12 Multiple Vulnerabilities
phpMyFAQ is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyfaq:phpmyfaq"; if description...
Multiple Stored XSS via mail parameter
Description In PhpMyFaq, while submitting a question, the mail parameter is accepting unsanitized user input which leads to Stored XSS vulnerability, executing on Admin Panel /admin/?action=question. Proof of Concept 1. Go to https://roy.demo.phpmyfaq.de/index.php?action=ask&categoryid=0 1. Fill ...
phpMyFAQ Stored Cross-site Scripting vulnerability
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12...
phpMyFAQ vulnerable to improper input validation
Improper Neutralization of Input During Web Page Generation in phpMyFAQ...
GHSA-4P4M-5QP7-479X phpMyFAQ has weak password requirements
Weak password requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12...
phpMyFAQ has weak password requirements
Weak password requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12...
phpMyFAQ Cross-site Scripting vulnerability
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12...