Cross-Site Scripting (XSS)

2023-04-2016:10:12

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross-site scripting

phpmyfaq

javascript

security vulnerability

EPSS

0.001

Percentile

33.2%

JSON

phpmyfaq is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape the user input before it output to the front end, allowing an attacker to inject and execute malicious JavaScript in the victim’s browser.

References

github.com/thorsten/phpmyfaq/commit/7f0f921de74c88038826c46bbd2a123518d9d611

huntr.dev/bounties/dda73cb6-9344-4822-97a1-2e31efb6a73e/

EPSS

0.001

Percentile

33.2%

JSON

Related for VERACODE:40233