FreeBSD : phpmyfaq -- multiple vulnerabilities (bb528d7c-e2c6-11ed-a3e6-589cfc0f81b0)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the bb528d7c-e2c6-11ed-a3e6-589cfc0f81b0 advisory. - phpmyfaq developers report: XSS email address manipulation bb528d7c-e2c6-11ed-a3e6-589cfc0f81b0 Note...
phpmyfaq -- multiple vulnerabilities
phpmyfaq developers report: XSS email address manipulation...
GHSA-CH5W-2994-6H82 Cross-site Scripting in thorsten/phpmyfaq
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12...
CVE-2023-1875
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12...
Cross site scripting
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12...
CVE-2023-1875 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12...
CVE-2023-1875
CVE-2023-1875 describes a stored Cross-site Scripting (XSS) vulnerability in the phpMyFAQ project by thorsten/phpmyfaq, affecting versions prior to 3.1.12. The vulnerability allows injection into user-facing pages stored on the server. Reports across multiple sources confirm the issue and recom...
PT-2023-17303 · Unknown · Thorsten/Phpmyfaq
Name of the Vulnerable Software and Affected Versions: thorsten/phpmyfaq versions prior to 3.1.12 Description: The issue is related to Cross-site Scripting (XSS) - Stored, which affects the thorsten/phpmyfaq GitHub repository. Recommendations: For versions prior to 3.1.12, update to version 3.1.12 ...
phpMyFAQ Cross-Site Scripting Vulnerability
phpMyFAQ is a multi-language, fully database-driven FAQ system by the individual developer Thorsten Rinne. A cross-site scripting vulnerability exists in versions prior to phpMyFAQ 3.1.12, which can be exploited by an attacker to bypass XSS protection by changing the name of the phpmyfaq user...
Stored Cross-Site Scripting (XSS)
phpmyfaq is vulnerable to Stored Cross-Site Scripting (XSS) attacks. The vulnerability is due to a lack of sanitization in the FAQ news email field in comments, allowing an attacker to inject and execute malicious JavaScript in the victim's browser...
Stored Cross-Site Scripting (XSS)
phpmyfaq is vulnerable to Stored Cross-Site Scripting (XSS) attacks. The library does not properly convert user inputs to HTML entities in the privacyURL of phpmyfaq/contact.php before they are output to the front end, allowing an attacker to inject and execute malicious content via infected hyperlinks...
Cross-Site Scripting (XSS)
phpmyfaq is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape the user input in the artlang parameter of send2friend.php before it is output to the front end, allowing an attacker to inject and execute malicious JavaScript in the victim's browser...
Business Logic Flaws
phpmyfaq is vulnerable to Business Logic Flaws. The vulnerability exists in record.add.php due to improper user permission checks which allows an authenticated attacker with edit-only permissions to add and delete categories or add FAQs...
Authentication Bypass
phpmyfaq is vulnerable to Authentication Bypass. The vulnerability is due to a Captcha bypass which allows an attacker to send unlimited comments due to the faulty logic in the checkCaptchaCode function in fileCaptcha.php, resulting in authentication bypass...
Cross-Site Scripting (XSS)
phpmyfaq is vulnerable to Cross-Site Scripting (XSS) attacks. The library contains a stored XSS in the Field Name category, which is not properly escaped before it is output to the front end due to missing HTML entity conversions, which allows an attacker to execute malicious JavaScript on victim's...
Improper Access Control
phpmyfaq is vulnerable to Improper Access Control. Improper checks in the commentDisabled function of Faq.php allow a remote authenticated attacker to comment in inactive FAQ NEWS even when the comment section is disabled, resulting in broken access control...
Cross-Site Scripting (XSS)
phpmyfaq is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape the user input before it is output to the front end, allowing an attacker to inject and execute malicious JavaScript in the victim's browser...
Stored Cross-Site Scripting (XSS)
phpmyfaq is vulnerable to Stored Cross-Site Scripting (XSS) attacks. The vulnerability is due to a lack of sanitization when adding a new faq news item which allows an attacker to inject and execute JavaScript in the browser...
Stored Cross-site Scripting (XSS)
thorsten/phpmyfaq is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability exists due to the improper sanitization in the adminlog of the stat.adminlog.php, which allows an attacker to inject and execute malicious JavaScript through the $text attribute...
Email Address Manipulation Vulnerability
Description: During testing of phpmyfaq, it was discovered that the application does not properly validate email addresses when updating user profiles. This vulnerability allows an attacker to manipulate their email address and change it to another email address that is already registered in the...