Cross-Site Scripting (XSS)

2023-04-0708:01:51

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross-site scripting

phpmyfaq

filter_unsafe_raw

malicious javascript

browser

0.001 Low

EPSS

Percentile

23.5%

JSON

phpmyfaq is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape the user inputs before it output to the front end due to the use of FILTER_UNSAFE_RAW filter, allowing an attacker to inject and execute malicious javascript on victim’s browser.

CPENameOperatorVersion
phpmyfaq/phpmyfaqle3.1.11
thorsten/phpmyfaqle3.1.11
phpmyfaq/phpmyfaqle3.1.11
thorsten/phpmyfaqle3.1.11

Name	Operator	Version
phpmyfaq/phpmyfaq	le	3.1.11
thorsten/phpmyfaq	le	3.1.11
phpmyfaq/phpmyfaq	le	3.1.11
thorsten/phpmyfaq	le	3.1.11

References

github.com/advisories/GHSA-4wfc-ghv5-2v7j

github.com/thorsten/phpmyfaq/commit/ecbd8107fe954b6be95dab315862d1caa0b94efa

huntr.dev/bounties/e8109aed-d364-4c0c-9545-4de0347b10e1

huntr.dev/bounties/e8109aed-d364-4c0c-9545-4de0347b10e1/

0.001 Low

EPSS

Percentile

23.5%

JSON

Related for VERACODE:40072