Lucene search

@huntrdevVULNRICHMENT:CVE-2023-5864

HistoryOct 31, 2023 - 12:00 a.m.

CVE-2023-5864 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq

2023-10-3100:00:19

CWE-79

@huntrdev

github.com

cve-2023-5864

cross-site scripting

stored

github repository

thorsten/phpmyfaq

prior to 3.2.1

CVSS3

7.4

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

5.9

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1.

References

github.com/thorsten/phpmyfaq/commit/b3e5a053b59dcc072d76a55d6ce0311ea30174fa

huntr.com/bounties/e4b0e8f4-5e06-49d1-832f-5756573623ad

CVSS3

7.4

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

5.9

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2023-5864