Cross-Site Scripting (XSS)

2023-04-0708:12:29

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross-site scripting

xss

phpmyfaq

userhelper.php

0.001 Low

EPSS

Percentile

23.5%

JSON

phpmyfaq is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape the user input of the display_name in getAllUserOptions function of UserHelper.php file, which allows an attacker to inject and execute malicious JavaScript in the victim’s browser.

CPENameOperatorVersion
thorsten/phpmyfaqle3.1.11
phpmyfaq/phpmyfaqle3.1.11
thorsten/phpmyfaqle3.1.11
phpmyfaq/phpmyfaqle3.1.11

Name	Operator	Version
thorsten/phpmyfaq	le	3.1.11
phpmyfaq/phpmyfaq	le	3.1.11
thorsten/phpmyfaq	le	3.1.11
phpmyfaq/phpmyfaq	le	3.1.11

References

github.com/advisories/GHSA-7q9c-f2v8-j8gw

github.com/thorsten/phpmyfaq/commit/56295b54062a284020fccce12a5044f9fa7d2770

huntr.dev/bounties/2d0ac48a-490d-4548-8d98-7447042dd1b5

huntr.dev/bounties/2d0ac48a-490d-4548-8d98-7447042dd1b5/

0.001 Low

EPSS

Percentile

23.5%

JSON

Related for VERACODE:40073