phpmyfaq is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape the user input of the display_name
in getAllUserOptions
function of UserHelper.php
file, which allows an attacker to inject and execute malicious JavaScript in the victim’s browser.
CPE | Name | Operator | Version |
---|---|---|---|
thorsten/phpmyfaq | le | 3.1.11 | |
phpmyfaq/phpmyfaq | le | 3.1.11 | |
thorsten/phpmyfaq | le | 3.1.11 | |
phpmyfaq/phpmyfaq | le | 3.1.11 |