phpmyfaq is vulnerable to Stored Cross-Site Scripting (XSS) attacks. The library does not properly convert user inputs to HTML entities in the privacyURL
of phpmyfaq/contact.php
before it output to the front end, allowing an attacker to inject and execute malicious content via infected hyperlinks.
CPE | Name | Operator | Version |
---|---|---|---|
thorsten/phpmyfaq | le | 3.1.11 | |
phpmyfaq/phpmyfaq | le | 3.1.11 | |
thorsten/phpmyfaq | le | 3.1.11 | |
phpmyfaq/phpmyfaq | le | 3.1.11 |