EPSS
Percentile
21.4%
thorsten/phpmyfaq is vulnerable to cross-site scripting. The vulnerability exists in multiple functions due to a missing check on special characters for page ID, allowing an attacker to inject arbitrary html and script code into the website.
github.com/thorsten/phpmyfaq/commit/372428d02a08e90b3a253ba5c506cda84581a5af
github.com/thorsten/phpMyFAQ/releases/tag/3.1.8
huntr.dev/bounties/613143a1-8e51-449a-b214-12458308835d
huntr.dev/bounties/613143a1-8e51-449a-b214-12458308835d/