CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1756 matches found

CNNVD•added 2023/01/15 12:0 a.m.•2 views

phpMyFAQ 跨站脚本漏洞

phpMyFAQ is a multi-language, fully database-driven FAQ system. A cross-site scripting vulnerability exists in versions prior to phpMyFAQ 3.1.10, which stems from the presence of stored cross-site scripting XSS. No details of the vulnerability are provided at this time...

5.4CVSS4.7AI score0.00261EPSS

Exploits0References3

CNNVD•added 2023/01/15 12:0 a.m.•1 views

phpMyFAQ 跨站脚本漏洞

8.6CVSS6.8AI score0.00674EPSS

Exploits0References3

Vulnrichment•added 2023/01/15 12:0 a.m.•5 views

CVE-2023-0309 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq

Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10...

8.6CVSS5.9AI score0.00244EPSS

Exploits0References2

Vulnrichment•added 2023/01/15 12:0 a.m.•9 views

CVE-2023-0306 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq

Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10...

9.1CVSS5.9AI score0.0041EPSS

Exploits0References2

Cvelist•added 2023/01/15 12:0 a.m.•15 views

CVE-2023-0307 Weak Password Requirements in thorsten/phpmyfaq

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10...

5.7CVSS9.8AI score0.00796EPSS

Exploits0References2

CVE•added 2023/01/15 12:0 a.m.•79 views

CVE-2023-0311

CVE-2023-0311 affects phpMyFAQ (thorsten/phpmyfaq) prior to version 3.1.10 due to an improper authentication/authorization issue. The vulnerability is documented with a CVSSv3.1 base score of 9.8 (Network attack, no user interaction, high impact on confidentiality, integrity, and availability). T...

9.8CVSS7.3AI score0.01393EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2023/01/15 12:0 a.m.•1 views

PT-2023-16169 · Thorsten · Phpmyfaq

Name of the Vulnerable Software and Affected Versions: thorsten/phpmyfaq versions prior to 3.1.10 Description: The issue is related to Cross-site Scripting XSS - Reflected. This is a type of security vulnerability that occurs when an application takes user input and sends it back to the user...

6.5CVSS6AI score0.00309EPSS

Exploits0References9

Veracode•added 2022/12/13 2:45 a.m.•19 views

Information Disclosure

thorsten/phpmyfaq is vulnerable to information disclosure.The vulnerability exists in the setCookie function of session.php due to insecure HTTP cookies without the 'secure' attribute which allows an attacker to gain access to sensitive information...

7.5CVSS7.3AI score0.00162EPSS

Exploits1References5Affected Software2

Veracode•added 2022/12/13 1:45 a.m.•18 views

Cross-Site Scripting (XSS)

phpmyfaq is vulnerable to cross-site scripting. The vulnerability is due to index.php missing safe conversion to HTML entities which allows an attacker to inject and execute malicious JavaScript...

6.1CVSS6AI score0.09241EPSS

Exploits2References4Affected Software2

Tenable Nessus•added 2022/12/13 12:0 a.m.•10 views

FreeBSD : phpmyfaq -- multiple vulnerabilities (439f3f81-7a49-11ed-97ac-589cfc0f81b0)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 439f3f81-7a49-11ed-97ac-589cfc0f81b0 advisory. - phpmyfaq developers report: an authenticated SQL injection when adding categories in the admin backen...

5.5AI score

Exploits0References12

Huntr•added 2022/12/12 11:41 p.m.•18 views

Stored XSS on User Management, Category, Add New FAQ, Add News and Configuration

Description Improper validation on user input in Add Category module, Add New FAQ module, Add News and edit Configuration in phpMyFAQ v3.1.9 allow user to execute malicious javascript payload which lead to vulnerability Stored XSS Proof of Concept - Login to demo instance...

4.9CVSS5.4AI score0.00261EPSS

Exploits0References1

OpenVAS•added 2022/12/12 12:0 a.m.•22 views

phpMyFAQ < 3.1.9 Multiple Vulnerabilities

phpMyFAQ is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyfaq:phpmyfaq"; if description...

9.8CVSS7AI score0.09241EPSS

Exploits4References3