EPSS
Percentile
34.5%
thorsten/phpmyfaq is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists in record.questions.php due to lack of sanitization of the user inputs of mail parameter which allows an attacker to inject and execute arbitrary javascript.
record.questions.php
mail
github.com/advisories/GHSA-5mf7-p346-7rm8
github.com/thorsten/phpmyfaq/commit/20ac51594db11604a4518aacc28a51f67d4f11bf
huntr.dev/bounties/840c8d91-c97e-4116-a9f8-4ab1a38d239b/