Lucene search
Veracode Vulnerability DatabaseVERACODE:40071HistoryApr 07, 2023 - 7:45 a.m.
Cross-Site Scripting (XSS)
2023-04-0707:45:33
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
cross-site scripting
phpmyfaq
configuration.php
user inputs
attacker
malicious javascript
vulnerability
front end
0.001 Low
EPSS
Percentile
23.5%
phpmyfaq is vulnerable to Cross-Site Scripting (XSS). The library does not properly escape the user inputs through $editData parameter in configuration.php, before it output to the front end, allowing an attacker to inject and execute malicious javascript on victim’s browser.
| CPE | Name | Operator | Version |
|---|---|---|---|
| thorsten/phpmyfaq | le | 3.1.11 | |
| phpmyfaq/phpmyfaq | le | 3.1.11 | |
| thorsten/phpmyfaq | le | 3.1.11 | |
| phpmyfaq/phpmyfaq | le | 3.1.11 |
Related
cvelist
cvelist
CVE-2023-1755 Cross-site Scripting (XSS) - Generic in thorsten/phpmyfaq
2023-03-31 00:00:00
osv
osv
phpMyFAQ Cross-site Scripting vulnerability
2023-03-31 03:30:31
CVE-2023-1755
2023-03-31 01:15:09
github
github
phpMyFAQ Cross-site Scripting vulnerability
2023-03-31 03:30:31
prion
prion
Cross site scripting
2023-03-31 01:15:00
cve
cve
CVE-2023-1755
2023-03-31 01:15:09
huntr
huntr
Stored XSS on Configuration Version
2023-02-12 19:20:03
nvd
nvd
CVE-2023-1755
2023-03-31 01:15:09
openvas
openvas
phpMyFAQ < 3.1.12 Multiple Vulnerabilities
2023-04-04 00:00:00