Lucene search

Veracode Vulnerability DatabaseVERACODE:43521

HistoryOct 03, 2023 - 9:21 a.m.

Cross-Site Scripting (XSS)

2023-10-0309:21:26

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

thorsten/phpmyfaq

cross-site scripting

instances.php

url sanitization

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

18.6%

JSON

thorsten/phpmyfaq is vulnerable to Cross Site Scripting. The vulnerability is due to a lack of url sanitization in instances.php which allow an attacker to pass a malicious URL.

References

github.com/thorsten/phpmyfaq/commit/ec551bdf1566ede1e55f289888c446f877ad9a83

huntr.dev/bounties/5e146e7c-60c7-498b-9ffe-fd4cb4ca8c54

huntr.dev/bounties/5e146e7c-60c7-498b-9ffe-fd4cb4ca8c54/