Cross-Site Scripting (XSS)

2022-10-2004:29:37

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross-site scripting

xss

backup export

improper verification

configuration

admin grant

vulnerability

software

0.001 Low

EPSS

Percentile

40.6%

JSON

thorsten/phpmyfaq is vulnerable to cross-site scripting. The vulnerability exists in the backup.export.php due to to improper verification of backup files which allows an attacker to export the configuration and re-upload the same file with the admin grant.

CPENameOperatorVersion
thorsten/phpmyfaqle3.1.13
phpmyfaq/phpmyfaqle3.1.13
thorsten/phpmyfaqle3.1.13
phpmyfaq/phpmyfaqle3.1.13

Name	Operator	Version
thorsten/phpmyfaq	le	3.1.13
phpmyfaq/phpmyfaq	le	3.1.13
thorsten/phpmyfaq	le	3.1.13
phpmyfaq/phpmyfaq	le	3.1.13

References

github.com/thorsten/phpmyfaq/commit/37123edd50f854bd141e6fbe65221af2d5cf2677

huntr.dev/bounties/8f0f3635-9d81-4c55-9826-2ba955c3a850

0.001 Low

EPSS

Percentile

40.6%

JSON

Related for VERACODE:37610