phpmyfaq is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape the user inputs before it output to the front end due to the use of FILTER_UNSAFE_RAW
filter, allowing an attacker to inject and execute malicious javascript on victim’s browser.
CPE | Name | Operator | Version |
---|---|---|---|
phpmyfaq/phpmyfaq | le | 3.1.11 | |
thorsten/phpmyfaq | le | 3.1.11 | |
phpmyfaq/phpmyfaq | le | 3.1.11 | |
thorsten/phpmyfaq | le | 3.1.11 |