1756 matches found
Cross-site Scripting (XSS)
thorsten/phpmyfaq is vulnerable to Cross-site Scripting (XSS). An attacker could exploit this vulnerability by tricking a user into clicking on a malicious link or a file via the file attachment upload functionality, which would contain a specially crafted XSS payload that would be injected into th...
GHSA-34W4-WRQP-J47G Sensitive cookie in HTTPS session without 'Secure' attribute in thorsten/phpmyfaq
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1...
GHSA-G5HP-328H-JJ98 phpMyFAQ Cross-site Scripting vulnerability
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1...
GHSA-J4VJ-W5RJ-8GRW phpMyFAQ Cross-site Scripting vulnerability
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2...
CVE-2023-5867
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2...
CVE-2023-5863
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2...
CVE-2023-5864
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1...
Cross site scripting
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1...
Session fixation
Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2...
Cross site scripting
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2...
Cross site scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2...
Session fixation
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1...
CVE-2023-5866 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in thorsten/phpmyfaq
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1...
CVE-2023-5866
The CVE-2023-5866 entry concerns phpMyFAQ before 3.2.1 where cookies in HTTPS sessions lack the Secure attribute, enabling potential sensitive data exposure. Affected product: phpMyFAQ (thorsten/phpmyfaq) prior to 3.2.1. Root cause: missing Secure flag on cookies during HTTPS sessions. Impact: co...
CVE-2023-5867
Summary (CVE-2023-5867): Stored cross-site scripting vulnerability in the phpMyFAQ project prior to version 3.2.2. Root cause identified in multiple sources as lack of proper filtering/escaping of user-supplied data in the FileName parameter of the file-attachment upload function, enabling injec...
CVE-2023-5867 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2...
CVE-2023-5865 Insufficient Session Expiration in thorsten/phpmyfaq
Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2...
CVE-2023-5865
CVE-2023-5865 affects thorsten/phpmyfaq prior to 3.2.2. The root cause is insufficient session expiration, allowing old sessions to remain usable. Impact is high/critical per sources (NVD and CNA metrics note high confidentiality/integrity/availability implications). The vulnerability is mitigate...