An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS12NmcyLWp3cm0taDVyNc4AA0JZ

phpMyFAQ Cross-site Scripting

phpMyFAQ prior to 3.2.0-beta.2 contains a cross-site scripting vulnerability. When an administrator restores a backup from a file, it's possible to trigger an error with a specially crafted file that can be displayed on the web page. Since the error message contains the invalid part of the file, any JavaScript code in the file is executed.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 5 months ago
Updated: 17 days ago

CVSS Score: 5.2
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N

Identifiers: GHSA-v6g2-jwrm-h5r5, CVE-2023-3469

Affected Packages

Versions: < 3.2.0-beta.2
Fixed in: 3.2.0-beta.2