thorsten/phpmyfaq is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the missing conversion for HTML entities in report.view.php, allowing an attacker to inject and execute malicious JavaScript through the FAQ-Proposal, which leads to an admin account takeover.

Name | Operator | Version |
---|---|---|
thorsten/phpmyfaq | le | 3.1.10 |
phpmyfaq/phpmyfaq | le | 3.1.10 |
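
The missing HTML-entity conversion described above, shown as an added example that is not phpMyFAQ's code or its actual fix: a view that prints submitter-controlled fields raw, next to the same view with output encoding. The function names, field names and sample row are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not a phpMyFAQ function): encode a value for an HTML
// text node or a quoted attribute value.
function e(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// "Before": submitter-controlled fields are concatenated into markup as-is,
// so the admin's browser parses whatever the submitter typed.
function renderReportRowUnsafe(array $row): string
{
    return '<tr><td>' . $row['question'] . '</td>'
         . '<td><a href="mailto:' . $row['email'] . '">' . $row['name'] . '</a></td></tr>';
}

// "After": every field is encoded at the point of output, in both the
// element-content and the attribute context.
function renderReportRowSafe(array $row): string
{
    return '<tr><td>' . e($row['question']) . '</td>'
         . '<td><a href="mailto:' . e($row['email']) . '">' . e($row['name']) . '</a></td></tr>';
}

// Constructed sample row standing in for a visitor-submitted FAQ proposal.
$proposal = [
    'question' => 'How do I reset my password?<script>/* attacker JS */</script>',
    'name'     => 'Visitor "Q" <b>bold</b>',
    'email'    => 'visitor@example.test" onmouseover="/* attacker JS */',
];

$unsafe = renderReportRowUnsafe($proposal);
$safe   = renderReportRowSafe($proposal);

// Regression-style checks (str_contains requires PHP 8): the unsafe output
// carries a live <script> tag; the safe output carries neither the tag nor
// the attribute breakout.
var_dump(str_contains($unsafe, '<script>'));
var_dump(str_contains($safe, '<script>'));
var_dump(str_contains($safe, '" onmouseover='));
echo $safe, PHP_EOL;
```

Encoding belongs at output time in the view, so a value stored before the fix is still rendered inert when an admin opens the report.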