Privilege Escalation
thorsten/phpmyfaq is vulnerable to Privilege Escalation. The vulnerability exists because of insufficient permission checks in user.php, which allow an attacker to gain escalated privileges through the isSuperAdmin feature...
Cross-Site Scripting (XSS)
phpmyfaq is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape the user-supplied displayname in the getAllUserOptions function of UserHelper.php, which allows an attacker to inject and execute malicious JavaScript in the victim's browser...
Cross-Site Scripting (XSS)
phpmyfaq is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape user input before it is output to the front end, due to the use of the FILTER_UNSAFE_RAW filter, allowing an attacker to inject and execute malicious JavaScript in the victim's browser...
Cross-Site Scripting (XSS)
phpmyfaq is vulnerable to Cross-Site Scripting (XSS). The library does not properly escape user input passed through the $editData parameter in configuration.php before it is output to the front end, allowing an attacker to inject and execute malicious JavaScript in the victim's browser...
Weak Password Requirements
phpmyfaq has Weak Password Requirements. A remote attacker can easily compromise user accounts because a weak password policy is enforced when a new user is created with the admin account, so weak passwords end up associated with those accounts...
GHSA-M9QM-M5W5-9PGJ thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via updatecategory parameter
thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input in the updatecategory parameter. This has been fixed in 3.1.12...
thorsten/phpmyfaq vulnerable to authentication bypass
thorsten/phpmyfaq prior to 3.1.12 is vulnerable to authentication bypass by capture-relay that allows unlimited comments to be sent. This has been fixed in 3.1.12...
GHSA-GCMQ-7652-X98J thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via adminlog
thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input in the adminlog. This has been fixed in 3.1.12...
GHSA-JPH3-3J24-PG3J thorsten/phpmyfaq vulnerable to DOM cross-site scripting (XSS) via configuration privacy note URL parameter
thorsten/phpmyfaq prior to 3.1.12 is vulnerable to DOM cross-site scripting (XSS) because it fails to sanitize user input in the configuration privacy note URL parameter. This has been fixed in 3.1.12...
GHSA-GX43-FQRX-6FCW thorsten/phpmyfaq vulnerable to business logic errors
thorsten/phpmyfaq prior to 3.1.12 allows users with edit-only permissions to add and delete categories and add FAQs. This has been fixed in 3.1.12...
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via updatecategory parameter
thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input in the updatecategory parameter. This has been fixed in 3.1.12...
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) in FAQ comment username parameter
thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input in the FAQ comment username parameter. This has been fixed in 3.1.12...
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via FAQ News link parameter
thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input in the FAQ News link parameter. This has been fixed in 3.1.12...
GHSA-M8Q9-7V2F-QJX9 thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via artlang parameter
thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input in the artlang parameter. This has been fixed in 3.1.12...
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via artlang parameter
thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input in the artlang parameter. This has been fixed in 3.1.12...
thorsten/phpmyfaq vulnerable to cross-site scripting (XSS) via stopword parameter
thorsten/phpmyfaq prior to 3.1.12 is vulnerable to cross-site scripting (XSS) because it fails to sanitize user input in the stopword parameter. This has been fixed in 3.1.12...
GHSA-GMJJ-G2RM-XWM7 thorsten/phpmyfaq vulnerable to cross-site scripting (XSS) via stopword parameter
thorsten/phpmyfaq prior to 3.1.12 is vulnerable to cross-site scripting (XSS) because it fails to sanitize user input in the stopword parameter. This has been fixed in 3.1.12...
GHSA-JVJX-QQH7-6X6C thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via FAQ News link parameter
thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input in the FAQ News link parameter. This has been fixed in 3.1.12...
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via category field name parameter
thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input in the category field name parameter. This has been fixed in 3.1.12...
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via HTML export
thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input in the FAQ site while generating an HTML Export. This has been fixed in 3.1.12...