Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
PhpmyfaqPhpmyfaq

124 matches found

CVE
CVEadded 2023/05/05 7:15 p.m.141 views

CVE-2023-2427

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13.

6.1CVSS5.1AI score0.00068EPSS
CVE
CVEadded 2023/05/05 8:15 p.m.132 views

CVE-2023-2550

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.

8.2CVSS5.2AI score0.00036EPSS
CVE
CVEadded 2023/07/31 1:15 a.m.119 views

CVE-2023-4007

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16.

8.8CVSS5.5AI score0.00099EPSS
CVE
CVEadded 2023/07/31 1:15 a.m.111 views

CVE-2023-4006

Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16.

9.8CVSS9.2AI score0.00113EPSS
CVE
CVEadded 2023/05/17 8:15 a.m.109 views

CVE-2023-2752

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.

7.2CVSS5.4AI score0.00207EPSS
CVE
CVEadded 2022/10/29 1:15 p.m.101 views

CVE-2022-3754

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.

9.8CVSS8.6AI score0.02981EPSS
CVE
CVEadded 2023/05/31 1:15 a.m.98 views

CVE-2023-2998

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.

6.1CVSS5.8AI score0.00164EPSS
CVE
CVEadded 2023/09/30 1:15 a.m.97 views

CVE-2023-5319

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

8.3CVSS5.5AI score0.00099EPSS
CVE
CVEadded 2023/09/30 1:15 a.m.97 views

CVE-2023-5320

Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

9CVSS6.2AI score0.00416EPSS
CVE
CVEadded 2023/05/31 1:15 a.m.96 views

CVE-2023-2999

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.

6.7CVSS5.9AI score0.00068EPSS
CVE
CVEadded 2023/09/30 1:15 a.m.94 views

CVE-2023-5316

Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.

9.1CVSS6.2AI score0.00287EPSS
CVE
CVEadded 2007/01/09 6:0 p.m.87 views

CVE-2006-6913

Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors.

7.5CVSS7AI score0.00585EPSS
CVE
CVEadded 2023/02/12 2:15 p.m.85 views

CVE-2023-0788

Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

9.8CVSS9.2AI score0.00115EPSS
CVE
CVEadded 2022/12/11 3:15 p.m.79 views

CVE-2022-4408

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.9.

5.4CVSS4.7AI score0.00068EPSS
CVE
CVEadded 2022/12/11 3:15 p.m.78 views

CVE-2022-4409

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9.

7.5CVSS6.7AI score0.00062EPSS
CVE
CVEadded 2023/03/31 2:15 a.m.77 views

CVE-2023-1762

Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

8.8CVSS7.8AI score0.00134EPSS
CVE
CVEadded 2023/04/05 5:15 p.m.74 views

CVE-2023-1880

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

8.3CVSS6.2AI score0.35617EPSS
CVE
CVEadded 2022/12/11 3:15 p.m.72 views

CVE-2022-4407

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.9.

9.8CVSS6.2AI score0.0279EPSS
CVE
CVEadded 2023/01/15 10:15 p.m.72 views

CVE-2023-0307

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

9.8CVSS7.4AI score0.00429EPSS
CVE
CVEadded 2023/01/15 10:15 p.m.70 views

CVE-2023-0311

Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

9.8CVSS7.3AI score0.00272EPSS
CVE
CVEadded 2017/09/20 9:29 p.m.69 views

CVE-2017-14619

Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module.

6.1CVSS6AI score0.00953EPSS
CVE
CVEadded 2017/09/20 9:29 p.m.67 views

CVE-2017-14618

Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action.

4.8CVSS5AI score0.00716EPSS
CVE
CVEadded 2023/01/15 10:15 p.m.65 views

CVE-2023-0310

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

9.8CVSS5.5AI score0.00091EPSS
CVE
CVEadded 2023/01/15 10:15 p.m.65 views

CVE-2023-0314

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

6.5CVSS6AI score0.00147EPSS
CVE
CVEadded 2023/03/31 1:15 a.m.65 views

CVE-2023-1755

Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

8.4CVSS5.6AI score0.00082EPSS
CVE
CVEadded 2023/09/30 1:15 a.m.64 views

CVE-2023-5227

Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8.

9.8CVSS7.9AI score0.00309EPSS
CVE
CVEadded 2022/10/31 11:15 a.m.63 views

CVE-2022-3766

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8.

7.3CVSS6.1AI score0.34649EPSS
CVE
CVEadded 2023/01/15 10:15 p.m.63 views

CVE-2023-0313

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

5.4CVSS4.8AI score0.00057EPSS
CVE
CVEadded 2011/12/15 3:57 a.m.62 views

CVE-2011-4825

Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted param...

7.5CVSS7.3AI score0.83036EPSS
CVE
CVEadded 2023/02/12 2:15 p.m.62 views

CVE-2023-0794

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

8.3CVSS5.5AI score0.00086EPSS
CVE
CVEadded 2023/03/31 2:15 a.m.62 views

CVE-2023-1761

Cross-site Scripting in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

6.3CVSS5.4AI score0.00065EPSS
CVE
CVEadded 2024/03/25 7:15 p.m.62 views

CVE-2024-27299

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit ...

8.8CVSS8.8AI score0.01383EPSS
CVE
CVEadded 2022/10/31 11:15 a.m.61 views

CVE-2022-3765

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8.

8.2CVSS5.5AI score0.00561EPSS
CVE
CVEadded 2023/02/12 2:15 p.m.61 views

CVE-2023-0786

Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

8.4CVSS5.2AI score0.00074EPSS
CVE
CVEadded 2023/02/12 2:15 p.m.59 views

CVE-2023-0789

Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

9.8CVSS9.2AI score0.01435EPSS
CVE
CVEadded 2022/10/19 1:15 p.m.58 views

CVE-2022-3608

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha.

8.4CVSS7.1AI score0.00144EPSS
CVE
CVEadded 2023/03/31 2:15 a.m.58 views

CVE-2023-1759

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

4.8CVSS4.6AI score0.00048EPSS
CVE
CVEadded 2024/03/26 3:15 a.m.58 views

CVE-2024-29196

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6.

3.8CVSS4AI score0.00463EPSS
CVE
CVEadded 2010/04/21 2:30 p.m.57 views

CVE-2009-4780

Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter in a sitemap action, (2) the search parameter in a search action, (3) the tagging_id parameter in a search action, (4) t...

4.3CVSS5.7AI score0.00138EPSS
CVE
CVEadded 2023/01/15 10:15 p.m.57 views

CVE-2023-0306

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

9.1CVSS5.5AI score0.00086EPSS
CVE
CVEadded 2023/01/15 10:15 p.m.57 views

CVE-2023-0312

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

8.6CVSS6.2AI score0.00308EPSS
CVE
CVEadded 2023/01/15 10:15 p.m.56 views

CVE-2023-0309

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

8.6CVSS5.5AI score0.00086EPSS
CVE
CVEadded 2023/02/12 2:15 p.m.56 views

CVE-2023-0793

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

8.8CVSS7.7AI score0.00098EPSS
CVE
CVEadded 2023/01/15 10:15 p.m.55 views

CVE-2023-0308

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

7.6CVSS5.4AI score0.00086EPSS
CVE
CVEadded 2005/07/17 4:0 a.m.54 views

CVE-2004-2255

Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename.

6.4CVSS6.9AI score0.04746EPSS
CVE
CVEadded 2007/02/21 11:28 a.m.53 views

CVE-2007-1032

Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register_globals is enabled, allows remote attackers to "gain the privilege for uploading files on the server."

6.8CVSS6.7AI score0.00548EPSS
CVE
CVEadded 2023/10/31 1:15 a.m.53 views

CVE-2023-5864

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1.

7.4CVSS5.1AI score0.00082EPSS
CVE
CVEadded 2024/03/25 7:15 p.m.53 views

CVE-2024-27300

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The email field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's FILTER_VALIDATE_EMAIL function, which only validates the email format, not ...

5.5CVSS5.5AI score0.00444EPSS
CVE
CVEadded 2024/03/25 7:15 p.m.53 views

CVE-2024-28106

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability is ...

5.4CVSS4.3AI score0.00115EPSS
CVE
CVEadded 2023/02/12 2:15 p.m.52 views

CVE-2023-0792

Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

6.5CVSS5.8AI score0.00293EPSS
Total number of security vulnerabilities124