1766 matches found

Vulnrichment
added 2023/07/31 12:00 a.m. · 10 views

CVE-2023-4007 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16...

CVSS 8.8 · AI score 5.9 · EPSS 0.00124
Exploits: 0 · References: 2

OSV
added 2023/07/31 12:00 a.m. · 11 views

CVE-2023-4007 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16...

CVSS 8.8 · AI score 7.5 · EPSS 0.00124
Exploits: 0 · References: 4

CVE
added 2023/07/31 12:00 a.m. · 131 views

CVE-2023-4007

CVE-2023-4007 is a stored XSS vulnerability in phpMyFAQ. Affected software: phpMyFAQ prior to version 3.1.16 (Thorsten Rinne’s project). The root cause: stored input may be injected, leading to cross-site script execution. Impact indicators in public documents show high confidentiality/integrity ...

CVSS 8.8 · AI score 5.5 · EPSS 0.00124
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2023/07/31 12:00 a.m. · 120 views

CVE-2023-4006

CVE-2023-4006 affects phpMyFAQ before version 3.1.16. The vulnerability arises from improper neutralization of formula elements in CSV files processed by phpMyFAQ, enabling attackers to potentially exploit crafted CSV content. Impact per CVSS (NVD) is Critical (C:H/I:H/A:H) with network attack vect...

CVSS 9.8 · AI score 9.2 · EPSS 0.00143
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2023/07/31 12:00 a.m. · 9 views

CVE-2023-4006 Improper Neutralization of Formula Elements in a CSV File in thorsten/phpmyfaq

Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16...

CVSS 8.8 · AI score 9.7 · EPSS 0.00143
Exploits: 0 · References: 2

Positive Technologies
added 2023/07/31 12:00 a.m. · 1 view

PT-2023-27247 · Unknown · Thorsten/Phpmyfaq

Name of the Vulnerable Software and Affected Versions: thorsten/phpmyfaq versions prior to 3.1.16. Description: The issue is related to Cross-site Scripting (XSS) - Stored, which occurs when an application stores user input without proper validation, allowing attackers to inject malicious scripts...

CVSS 8.8 · AI score 6.3 · EPSS 0.00124
Exploits: 0 · References: 9

CNNVD
added 2023/07/31 12:00 a.m. · 1 view

phpMyFAQ Cross-Site Scripting Vulnerability

phpMyFAQ is a multi-language, fully database-driven FAQ system by the individual developer Thorsten Rinne. A cross-site scripting vulnerability exists in versions prior to phpMyFAQ 3.1.16, which stems from vulnerability to stored cross-site scripting (XSS) attacks...

CVSS 8.8 · AI score 6.6 · EPSS 0.00124
Exploits: 0 · References: 3

OpenVAS
added 2023/07/31 12:00 a.m. · 16 views

phpMyFAQ < 3.1.16 Multiple Vulnerabilities

phpMyFAQ is prone to multiple vulnerabilities...

CVSS 9.8 · AI score 7.9 · EPSS 0.00153
Exploits: 1 · References: 5

CNNVD
added 2023/07/31 12:00 a.m. · 2 views

phpMyFAQ Security Vulnerability

phpMyFAQ is a multilingual, fully database-driven FAQ system by the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ versions prior to 3.1.16, which stems from improperly neutralized formula elements in CSV files...

CVSS 9.8 · AI score 7.9 · EPSS 0.00143
Exploits: 0 · References: 3

FreeBSD
added 2023/07/16 12:00 a.m. · 11 views

phpmyfaq -- multiple vulnerabilities

phpmyfaq developers report: Cross Site Scripting vulnerability; CSV injection vulnerability...

AI score 7
Exploits: 0 · References: 2

GitHub Security Blog
added 2023/06/30 3:30 a.m. · 23 views

phpMyFAQ Cross-site Scripting

phpMyFAQ prior to 3.2.0-beta.2 contains a cross-site scripting vulnerability. When an administrator restores a backup from a file, it's possible to trigger an error with a specially crafted file that can be displayed on the web page. Since the error message contains the invalid part of the file,...

CVSS 5.2 · AI score 6.2 · EPSS 0.00183
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2023/06/30 3:30 a.m. · 17 views

GHSA-V6G2-JWRM-H5R5 phpMyFAQ Cross-site Scripting

phpMyFAQ prior to 3.2.0-beta.2 contains a cross-site scripting vulnerability. When an administrator restores a backup from a file, it's possible to trigger an error with a specially crafted file that can be displayed on the web page. Since the error message contains the invalid part of the file,...

CVSS 5.2 · AI score 5.1 · EPSS 0.00183
Exploits: 1 · References: 4

CVE
added 2023/06/30 12:00 a.m. · 35 views

CVE-2023-3469

The CVE-2023-3469 entry concerns phpMyFAQ (thorsten/phpmyfaq) prior to 3.2.0-beta.2, which is vulnerable to a reflected cross-site scripting (XSS) flaw when restoring a backup. The issue arises from how exception messages may include unencoded parts of the crafted backup file, allowing JavaScript...

CVSS 5.2 · AI score 4.9 · EPSS 0.00183
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2023/06/30 12:00 a.m. · 16 views

CVE-2023-3469 Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2...

CVSS 5.2 · AI score 5.2 · EPSS 0.00183
Exploits: 1 · References: 2

OSV
added 2023/06/30 12:00 a.m. · 15 views

CVE-2023-3469 Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2...

CVSS 5.2 · AI score 5.7 · EPSS 0.00183
Exploits: 1 · References: 4

Positive Technologies
added 2023/06/30 12:00 a.m. · 1 view

PT-2023-24980 · Phpmyfaq · Phpmyfaq

Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions prior to 3.2.0-beta.2. Description: The issue is related to Cross-site Scripting (XSS) - Reflected. When an administrator restores a backup from a file, it's possible to trigger an error with a specially crafted file that can b...

CVSS 5.2 · AI score 5.1 · EPSS 0.00183
Exploits: 1 · References: 8

CNNVD
added 2023/06/30 12:00 a.m. · 3 views

phpMyFAQ Cross-Site Scripting Vulnerability

phpMyFAQ is a multi-language, fully database-driven FAQ system by the individual developer Thorsten Rinne. A cross-site scripting vulnerability exists in versions prior to phpMyFAQ 3.2.0-beta.2, which stems from vulnerability to reflective cross-site scripting (XSS) attacks...

CVSS 5.2 · AI score 5.6 · EPSS 0.00183
Exploits: 1 · References: 3

Veracode
added 2023/06/13 11:10 a.m. · 17 views

Cross-Site Scripting (XSS)

phpmyfaq/phpmyfaq is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of input sanitization in the getNews function of News.php, which allows an attacker to inject and execute arbitrary JavaScript into the browser...

CVSS 6.1 · AI score 6.5 · EPSS 0.00388
Exploits: 0 · References: 2 · Affected Software: 2

OpenVAS
added 2023/06/01 12:00 a.m. · 14 views

phpMyFAQ < 3.1.14 Multiple XSS Vulnerabilities

phpMyFAQ is prone to multiple cross-site scripting (XSS) vulnerabilities...

CVSS 6.7 · AI score 6.7 · EPSS 0.00388
Exploits: 0 · References: 2

Veracode
added 2023/05/31 5:26 a.m. · 17 views

Cross-Site Scripting (XSS)

thorsten/phpmyfaq is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of user-input sanitization in the cleanUpContent function, which allows an attacker to inject and execute arbitrary JavaScript into the browser...

CVSS 5.4 · AI score 6.5 · EPSS 0.00211
Exploits: 0 · References: 3 · Affected Software: 2