Cross-Site Scripting (XSS)

2022-11-0104:26:26

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

thorsten

phpmyfaq

cross-site scripting

vulnerability

injection

html

script

code

0.001 Low

EPSS

Percentile

30.2%

JSON

thorsten/phpmyfaq is vulnerable to cross-site scripting. The vulnerability exists in multiple functions due to missing quoting for search terms which allows an attacker to inject arbitrary html and script code into the web site.

CPENameOperatorVersion
thorsten/phpmyfaqle3.1.7
phpmyfaq/phpmyfaqle3.1.7
thorsten/phpmyfaqle3.1.7
phpmyfaq/phpmyfaqle3.1.7

Name	Operator	Version
thorsten/phpmyfaq	le	3.1.7
phpmyfaq/phpmyfaq	le	3.1.7
thorsten/phpmyfaq	le	3.1.7
phpmyfaq/phpmyfaq	le	3.1.7

References

github.com/advisories/GHSA-mg5h-rhjq-6v84

github.com/thorsten/phpmyfaq/commit/c7904f2236c6c0dd64c2226b90c30af0f7e5a72d

huntr.dev/bounties/d9666520-4ff5-43bb-aacf-50c8e5570983

huntr.dev/bounties/d9666520-4ff5-43bb-aacf-50c8e5570983/

0.001 Low

EPSS

Percentile

30.2%

JSON

Related for VERACODE:37728