1756 matches found
CVE-2023-1760 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12...
CVE-2023-1762 Improper Privilege Management in thorsten/phpmyfaq
Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12...
CVE-2023-1762
The CVE-2023-1762 issue affects phpMyFAQ (thorsten/phpmyfaq) and stems from improper privilege management. Prior to version 3.1.12, any user who can add a new user could grant themselves super admin rights, enabling privilege escalation. Affected component: user/privilege handling within the appl...
CVE-2023-1753 Weak Password Requirements in thorsten/phpmyfaq
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12...
phpMyFAQ Cross-Site Scripting Vulnerability
phpMyFAQ is a multilingual, fully database-driven FAQ system by the individual developer Thorsten Rinne. A cross-site scripting vulnerability exists in versions prior to phpMyFAQ 3.1.12, which stems from improper input neutralization...
CVE-2023-1759 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12...
CVE-2023-1753
CVE-2023-1753 covers weak password requirements in the GitHub repository for thorsten/phpMyFAQ before version 3.1.12. Multiple connected sources confirm this vulnerability class and its affected scope: phpMyFAQ prior to 3.1.12, stemming from weak password policies, with advisories and CVE records...
CVE-2023-1759
CVE-2023-1759 is a stored cross-site scripting (XSS) vulnerability affecting phpMyFAQ versions prior to 3.1.12, reported across multiple feeds. The issue arises from storing user-supplied input without proper validation, enabling injection of script code in the affected application. The connected...
CVE-2023-1754
CVE-2023-1754 describes an improper neutralization of input during web page generation in the GitHub repository thorsten/phpmyfaq prior to 3.1.12, identified as a cross-site scripting risk in multiple sources. The vulnerability affects phpMyFAQ before 3.1.12 and is rooted in insufficient input ha...
FreeBSD : phpmyfaq -- multiple vulnerabilities (6bacd9fd-ca56-11ed-bc52-589cfc0f81b0)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 6bacd9fd-ca56-11ed-bc52-589cfc0f81b0 advisory. - phpmyfaq developers report: XSS, weak passwords, privilege escalation, Captcha bypass 6bacd9fd-ca56-11ed...
phpmyfaq -- multiple vulnerabilities
phpmyfaq developers report: XSS, weak passwords, privilege escalation, Captcha bypass...
Cross-Site Scripting (XSS)
thorsten/phpmyfaq is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists in instances.php, where newly added values are not sanitized or escaped, which allows an attacker to inject and execute JavaScript...
Stored Cross-Site Scripting (XSS)
phpmyfaq is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of sanitization in the getUserData parameter of header.php, which allows an attacker to inject and execute arbitrary JavaScript into the system through the username field...
Weak Password Requirements
phpmyfaq is vulnerable to Weak Password Requirements. Because no password policy is enforced, a remote attacker is able to brute-force the password if a user uses a weak password, resulting in account takeover...
Improper Input Validation
phpmyfaq is vulnerable to Improper Input Validation. The vulnerability exists due to a lack of input validation in ajaxservice.php which allows an attacker to spam proposals into the system...
HTML Injection
phpmyfaq is vulnerable to HTML Injection. The vulnerability exists due to improper input sanitization in the tags component, which allows an attacker to inject and execute malicious HTML content, possibly resulting in code execution...
Cross-site Scripting (XSS)
thorsten/phpmyfaq is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the missing conversion for HTML entities in Faq.php, allowing an attacker to inject and execute malicious JavaScript...
Cross-site Scripting (XSS)
thorsten/phpmyfaq is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the missing conversion for HTML entities in report.view.php, allowing an attacker to inject and execute malicious JavaScript through the FAQ-Proposal, which leads to an admin account takeover...