Lucene search
Veracode Vulnerability DatabaseVERACODE:40250HistoryApr 21, 2023 - 10:51 a.m.
Stored Cross-Site Scripting (XSS)
2023-04-2110:51:56
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
phpmyfaq
stored cross-site scripting
xss
privacyurl
contact.php
html entities
malicious content
hyperlinks
vulnerability
0.001 Low
EPSS
Percentile
23.3%
phpmyfaq is vulnerable to Stored Cross-Site Scripting (XSS) attacks. The library does not properly convert user inputs to HTML entities in the privacyURL of phpmyfaq/contact.php before it output to the front end, allowing an attacker to inject and execute malicious content via infected hyperlinks.
| CPE | Name | Operator | Version |
|---|---|---|---|
| thorsten/phpmyfaq | le | 3.1.11 | |
| phpmyfaq/phpmyfaq | le | 3.1.11 | |
| thorsten/phpmyfaq | le | 3.1.11 | |
| phpmyfaq/phpmyfaq | le | 3.1.11 |
Related
cve
cve
CVE-2023-1882
2023-04-05 17:15:07
huntr
huntr
Stored XSS edit Config Link
2023-02-12 18:32:12
osv
osv
thorsten/phpmyfaq vulnerable to DOM cross-site scripting (XSS) via configuration privacy note URL parameter
2023-04-05 18:30:18
CVE-2023-1882
2023-04-05 17:15:07
prion
prion
Cross site scripting
2023-04-05 17:15:00
nvd
nvd
CVE-2023-1882
2023-04-05 17:15:07
github
github
cvelist
cvelist
CVE-2023-1882 Cross-site Scripting (XSS) - DOM in thorsten/phpmyfaq
2023-04-05 00:00:00
openvas
openvas
phpMyFAQ < 3.1.12 Multiple Vulnerabilities
2023-04-04 00:00:00