GSA_kwCzR0hTQS02cmo4LTljbTktNmdmZs4AAvdr

High EPSS: 0.00472% (0.63777 Percentile) EPSS:

Permalink JSON

phpMyFAQ vulnerable to Cross-site Scripting

Affected Packages	Affected Versions	Fixed Versions
packagist:phpmyfaq/phpmyfaq	<= 3.1.7	3.2.0-alpha
0 Dependent packages 4 Dependent repositories 16 Downloads total Affected Version Ranges All affected versions 2.8.0, 2.8.0-RC, 2.8.0-RC2, 2.8.0-RC3, 2.8.0-RC4, 2.8.0-alpha2, 2.8.0-alpha3, 2.8.0-beta, 2.8.0-beta2, 2.8.0-beta3, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.8.6, 2.8.7, 2.8.8, 2.8.9, 2.8.10, 2.8.11, 2.8.12, 2.8.13, 2.8.14, 2.8.15, 2.8.16, 2.8.17, 2.8.18, 2.8.19, 2.8.20, 2.8.21, 2.8.22, 2.8.23, 2.8.24, 2.8.25, 2.8.26, 2.8.27, 2.8.28, 2.8.29, 2.9.0, 2.9.0-alpha, 2.9.0-alpha2, 2.9.0-alpha3, 2.9.0-alpha4, 2.9.0-beta, 2.9.0-beta2, 2.9.0-rc, 2.9.0-rc2, 2.9.0-rc3, 2.9.0-rc4, 2.9.1, 2.9.2, 2.9.3, 2.9.4, 2.9.5, 2.9.6, 2.9.7, 2.9.8, 2.9.9, 2.9.10, 2.9.11, 2.9.12, 2.9.13, 2.10.0-alpha, 3.0.0, 3.0.0-RC, 3.0.0-RC.2, 3.0.0-alpha, 3.0.0-alpha.2, 3.0.0-alpha.3, 3.0.0-alpha.4, 3.0.0-beta, 3.0.0-beta.2, 3.0.0-beta.3, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.1.0, 3.1.0-RC, 3.1.0-alpha, 3.1.0-alpha.2, 3.1.0-alpha.3, 3.1.0-beta, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7 All unaffected versions 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.1.13, 3.1.14, 3.1.15, 3.1.16, 3.1.17, 3.1.18, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.10, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.0.11, 4.0.12, 4.0.13
packagist:thorsten/phpmyfaq	<= 3.1.7	3.2.0-alpha
0 Dependent packages 4 Dependent repositories 36 Downloads total Affected Version Ranges All affected versions 2.8.0, 2.8.0-RC, 2.8.0-RC2, 2.8.0-RC3, 2.8.0-RC4, 2.8.0-alpha2, 2.8.0-alpha3, 2.8.0-beta, 2.8.0-beta2, 2.8.0-beta3, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.8.6, 2.8.7, 2.8.8, 2.8.9, 2.8.10, 2.8.11, 2.8.12, 2.8.13, 2.8.14, 2.8.15, 2.8.16, 2.8.17, 2.8.18, 2.8.19, 2.8.20, 2.8.21, 2.8.22, 2.8.23, 2.8.24, 2.8.25, 2.8.26, 2.8.27, 2.8.28, 2.8.29, 2.9.0, 2.9.0-alpha, 2.9.0-alpha2, 2.9.0-alpha3, 2.9.0-alpha4, 2.9.0-beta, 2.9.0-beta2, 2.9.0-rc, 2.9.0-rc2, 2.9.0-rc3, 2.9.0-rc4, 2.9.1, 2.9.2, 2.9.3, 2.9.4, 2.9.5, 2.9.6, 2.9.7, 2.9.8, 2.9.9, 2.9.10, 2.9.11, 2.9.12, 2.9.13, 2.10.0-alpha, 3.0.0, 3.0.0-RC, 3.0.0-RC.2, 3.0.0-alpha, 3.0.0-alpha.2, 3.0.0-alpha.3, 3.0.0-alpha.4, 3.0.0-beta, 3.0.0-beta.2, 3.0.0-beta.3, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.1.0, 3.1.0-RC, 3.1.0-alpha, 3.1.0-alpha.2, 3.1.0-alpha.3, 3.1.0-beta, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7 All unaffected versions 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.1.13, 3.1.14, 3.1.15, 3.1.16, 3.1.17, 3.1.18, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.10, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.0.11, 4.0.12, 4.0.13

phpMyFAQ versions 3.1.7 and prior are vulnerable to stored cross-site scripting (XSS). A patch is available on the main branch of the repository and anticipated to be part of version 3.2.0-alpha.

References:

Identifiers

GHSA-6rj8-9cm9-6gff

CVE-2022-3608

Risk

Severity

High

EPSS

EPSS Percentage: 0.00472

EPSS Percentile: 0.63777

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/thorsten/phpmyfaq

Date and time

Published

about 3 years ago

Updated

almost 3 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories