phpmyfaq is vulnerable to Cross-Site Scripting (XSS). The library does not properly escape the user inputs through $editData
parameter in configuration.php
, before it output to the front end, allowing an attacker to inject and execute malicious javascript on victim’s browser.
CPE | Name | Operator | Version |
---|---|---|---|
thorsten/phpmyfaq | le | 3.1.11 | |
phpmyfaq/phpmyfaq | le | 3.1.11 | |
thorsten/phpmyfaq | le | 3.1.11 | |
phpmyfaq/phpmyfaq | le | 3.1.11 |