Cross site scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.9...
phpMyFAQ Security Vulnerability
phpMyFAQ is a multilingual, fully database-driven FAQ system by Thorsten Rinne, an individual developer. A security vulnerability exists in phpMyFAQ versions prior to 3.1.9, which stems from the absence of a "secure" attribute for sensitive cookies in HTTPS sessions...
CVE-2022-4407 Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.9...
CVE-2022-4407
CVE-2022-4407 affects phpMyFAQ versions before 3.1.9. The vulnerability is a reflected XSS in the admin area (e.g., action parameter in phpmyfaq/admin/index.php), caused by unsanitized user input being echoed into HTML attributes. Multiple sources (NVD entry, Exploit-DB PoC for 3.1.7, OSV/CIRCL s...
CVE-2022-4408
phpMyFAQ is affected up to version 3.1.8 with a stored Cross-site Scripting (XSS) vulnerability. The issue arises from handling user input stored in the database (GitHub repo thorsten/phpmyfaq). Impact is XSS in affected users’ browsers. Remediation: upgrade to version 3.1.9 or later; as a workar...
CVE-2022-4409
CVE-2022-4409 affects the PHPMyFAQ project (thorsten/phpmyfaq), where in versions prior to 3.1.9 a sensitive cookie used in HTTPS sessions is set without the Secure attribute. This can expose session data over non-secure channels. The public records consistently identify the issue as a cookie sec...
PT-2022-27097
Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions prior to 3.1.9 Description: The issue is related to Cross-site Scripting (XSS) - Reflected. This means an attacker can inject malicious scripts into a website, which will then be executed by the user's browser. The estimated...
phpMyFAQ Cross-Site Scripting Vulnerability
phpMyFAQ is a multi-language, fully database-driven FAQ system from the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ versions prior to 3.1.9. An attacker can exploit the vulnerability to perform cross-site scripting attacks...
PT-2022-27107 · Phpmyfaq · Phpmyfaq
Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions prior to 3.1.9 Description: The issue concerns a sensitive cookie in an HTTPS session that lacks the 'Secure' attribute. This problem affects the GitHub repository thorsten/phpmyfaq. There is no information provided about th...
CVE-2022-4408 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.9...
phpMyFAQ Cross-Site Scripting Vulnerability
phpMyFAQ is a multi-language, fully database-driven FAQ system from the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ versions prior to 3.1.9. An attacker can exploit the vulnerability to perform cross-site scripting attacks...
CVE-2022-4407 Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.9...
CVE-2022-4409 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in thorsten/phpmyfaq
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9...
PT-2022-27102 · Phpmyfaq · Phpmyfaq
Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions prior to 3.1.9 Description: The issue is related to stored Cross-site Scripting (XSS) in the GitHub repository thorsten/phpmyfaq. This type of attack occurs when an application stores user input in a database or file and later...
CVE-2022-4408 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.9...
FreeBSD : phpmyfaq -- multiple vulnerabilities (f5a48a7a-61d3-11ed-9094-589cfc0f81b0)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f5a48a7a-61d3-11ed-9094-589cfc0f81b0 advisory. - phpmyfaq developers report: a pre-auth SQL injection in then saving user comments a reflected...
phpMyFAQ < 3.2.0 XSS Vulnerability
phpMyFAQ is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyfaq:phpmyfaq"...
phpMyFAQ < 3.1.8 Multiple Vulnerabilities
phpMyFAQ is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyfaq:phpmyfaq"; if description...
Authentication Bypass
thorsten/phpmyfaq is vulnerable to authentication bypass. The vulnerability exists due to lack of restrictions in the password change function which allows an attacker to successfully update the password by changing one character...
Cross-Site Scripting (XSS)
thorsten/phpmyfaq is vulnerable to cross-site scripting. The vulnerability exists in multiple functions due to missing quoting for search terms, which allows an attacker to inject arbitrary HTML and script code into the web site...