CVE-2023-3469 thorsten/phpmyfaq

Package

Manager: composer
Name: thorsten/phpmyfaq
Vulnerable Version: >=0 <3.2.0-beta.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00129 (percentile 0.33167)

Details

phpMyFAQ Cross-site Scripting

phpMyFAQ prior to 3.2.0-beta.2 contains a cross-site scripting vulnerability. When an administrator restores a backup from a file, a specially crafted file can trigger an error that is displayed on the web page. Since the error message contains the invalid part of the file, any JavaScript code in the file is executed.

Metadata

Created: 2023-06-30T03:30:17Z
Modified: 2023-06-30T20:37:16Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-v6g2-jwrm-h5r5/GHSA-v6g2-jwrm-h5r5.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-v6g2-jwrm-h5r5
Finding: F425
Auto approve: 1