Lucene search

Veracode Vulnerability DatabaseVERACODE:40203

HistoryApr 20, 2023 - 5:35 a.m.

Stored Cross-site Scripting (XSS)

2023-04-2005:35:50

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

vulnerability

thorsten

phpmyfaq

stored cross-site scripting

adminlog

stat.adminlog.php

improper sanitization

malicious javascript

software

0.001 Low

EPSS

Percentile

23.5%

JSON

thorsten/phpmyfaq is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability exists due to the improper sanitization in the adminlog of the stat.adminlog.php, which allows an attacker to inject and execute malicious JavaScript through the $text attribute.

CPENameOperatorVersion
thorsten/phpmyfaqle3.1.11
phpmyfaq/phpmyfaqle3.1.11
thorsten/phpmyfaqle3.1.11
phpmyfaq/phpmyfaqle3.1.11

Name	Operator	Version
thorsten/phpmyfaq	le	3.1.11
phpmyfaq/phpmyfaq	le	3.1.11
thorsten/phpmyfaq	le	3.1.11
phpmyfaq/phpmyfaq	le	3.1.11

References

github.com/advisories/GHSA-gcmq-7652-x98j

github.com/thorsten/phpmyfaq/commit/e018823f8e3bca103c11e5a98b0dd469e41ed417

huntr.dev/bounties/93f981a3-231d-460d-a239-bb960e8c2fdc/

0.001 Low

EPSS

Percentile

23.5%

JSON

Related for VERACODE:40203