Cross-site Scripting (XSS)

2023-01-2605:17:38

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

phpmyfaq

cross-site scripting

xss

header.php

javascript

0.0005 Low

EPSS

Percentile

17.9%

JSON

phpmyfaq is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape the special characters before it output to the front end in header.php, which allows an attacker to inject and execute malicious JavaScript.

CPENameOperatorVersion
thorsten/phpmyfaqle3.1.9
phpmyfaq/phpmyfaqle3.1.9
thorsten/phpmyfaqle3.1.9
phpmyfaq/phpmyfaqle3.1.9

Name	Operator	Version
thorsten/phpmyfaq	le	3.1.9
phpmyfaq/phpmyfaq	le	3.1.9
thorsten/phpmyfaq	le	3.1.9
phpmyfaq/phpmyfaq	le	3.1.9

References

github.com/advisories/GHSA-25c3-7fvj-v45j

github.com/thorsten/phpmyfaq/commit/376d1d3e5a42edf07260e98461d2fddbee74419b

huntr.dev/bounties/c03c5925-43ff-450d-9827-2b65a3307ed6

0.0005 Low

EPSS

Percentile

17.9%

JSON

Related for VERACODE:39017