Lucene search
Veracode Vulnerability DatabaseVERACODE:39379HistoryFeb 22, 2023 - 7:42 a.m.
Stored Cross-Site Scripting (XSS)
2023-02-2207:42:36
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
cross-site scripting
xss
phpmyfaq
user data
injection
vulnerability
0.001 Low
EPSS
Percentile
21.2%
phpmyfaq is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of santization in the getUserData parameter of header.php which allows an attacker to inject and execute arbitrary JavaScript into the system through the username field.
| CPE | Name | Operator | Version |
|---|---|---|---|
| phpmyfaq/phpmyfaq | le | 3.1.10 | |
| thorsten/phpmyfaq | le | 3.1.10 | |
| phpmyfaq/phpmyfaq | le | 3.1.10 | |
| thorsten/phpmyfaq | le | 3.1.10 |
Related
prion
prion
Cross site scripting
2023-02-12 14:15:00
osv
osv
CVE-2023-0794
2023-02-12 14:15:11
Cross-site Scripting in thorsten/phpmyfaq
2023-02-12 15:30:25
cvelist
cvelist
CVE-2023-0794 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
2023-02-12 00:00:00
nvd
nvd
CVE-2023-0794
2023-02-12 14:15:11
cve
cve
CVE-2023-0794
2023-02-12 14:15:11
huntr
huntr
Stored HTML Injection
2023-01-22 00:31:00
github
github
Cross-site Scripting in thorsten/phpmyfaq
2023-02-12 15:30:25
openvas
openvas
phpMyFAQ < 3.1.11 Multiple Vulnerabilities
2023-02-13 00:00:00