logo

Database

Server side cross-site scripting In phpmyfaq/phpmyfaq

Description

phpMyFAQ vulnerable to Cross-site Scripting phpMyFAQ versions 3.1.7 and prior are vulnerable to stored cross-site scripting (XSS). A patch is available on the main branch of the repository and anticipated to be part of version 3.2.0-alpha.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2022-36082. NVD-2022-36083. OSV-2022-36084. GCVE-2022-3608

References

1. https://github.com/thorsten/phpmyfaq/commit/37123edd50f854bd141e6fbe65221af2d5cf26772. https://huntr.dev/bounties/8f0f3635-9d81-4c55-9826-2ba955c3a850

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.