1756 matches found
phpMyFAQ < 3.1.18 Multiple Vulnerabilities
phpMyFAQ is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyfaq:phpmyfaq"; if description...
Stored XSS in Attachment File Name
Description A stored cross-site scripting vulnerability exists within the file attachment upload functionality. Replication Steps 0x01. As a user with only the "Edit Record" and "Add Attachments" permissions, the user proceeded to edit a FAQ record and clicked "Add new attachment", as seen in the...
GHSA-PP4W-G5P4-85P2 phpMyFAQ Cross-site Scripting vulnerability
Cross-site Scripting XSS - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18...
phpMyFAQ allows unrestricted file types in image field
Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.18...
phpMyFaq Cross-site Scripting vulnerability
Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18...
GHSA-QCJG-HVG6-HXCP phpMyFAQ allows unrestricted file types in image field
Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.18...
CVE-2023-5227
Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8...
CVE-2023-5316
Cross-site Scripting XSS - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18...
CVE-2023-5319
Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18...
CVE-2023-5317
Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18...
CVE-2023-5320
Cross-site Scripting XSS - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18...
Unrestricted file upload
Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8...
Cross site scripting
Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18...
Cross site scripting
Cross-site Scripting XSS - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18...
CVE-2023-5320 Cross-site Scripting (XSS) - DOM in thorsten/phpmyfaq
Cross-site Scripting XSS - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18...
CVE-2023-5320 Cross-site Scripting (XSS) - DOM in thorsten/phpmyfaq
Cross-site Scripting XSS - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18...
CVE-2023-5320
CVE-2023-5320 is a DOM-based XSS in phpMyFAQ prior to version 3.1.18. The vulnerability affects the web interface’s client-side DOM handling, allowing a crafted input to execute arbitrary scripts in a victim’s browser. Exploitation requires user interaction (UI:R) and is scoped to the affected ap...
CVE-2023-5320 Cross-site Scripting (XSS) - DOM in thorsten/phpmyfaq
Cross-site Scripting XSS - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18...
CVE-2023-5316 Cross-site Scripting (XSS) - DOM in thorsten/phpmyfaq
Cross-site Scripting XSS - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18...
CVE-2023-5316 Cross-site Scripting (XSS) - DOM in thorsten/phpmyfaq
Cross-site Scripting XSS - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18...