phpmyfaq is vulnerable to Cross-Site Scripting (XSS) attacks. The library contains a stored XSS in the Field Name category which does not properly escape before it output to the front end due to missing HTML entity conversions, which allows an attacker to execute malicious JavaScript on victim’s browser.
CPE | Name | Operator | Version |
---|---|---|---|
thorsten/phpmyfaq | le | 3.1.11 | |
phpmyfaq/phpmyfaq | le | 3.1.11 | |
thorsten/phpmyfaq | le | 3.1.11 | |
phpmyfaq/phpmyfaq | le | 3.1.11 |