Note:
This project will be discontinued after December 13, 2021.
Product: Phpmyfaq (Phpmyfaq)
Repositories | https://github.com/thorsten/phpMyFAQ |
#Vulnerabilities | 124 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-09-30 | CVE-2023-5320 | Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18. | Phpmyfaq | 6.1 | ||
2023-10-31 | CVE-2023-5863 | Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2. | Phpmyfaq | 6.1 | ||
2023-10-31 | CVE-2023-5864 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1. | Phpmyfaq | 4.8 | ||
2023-10-31 | CVE-2023-5865 | Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2. | Phpmyfaq | 9.8 | ||
2023-10-31 | CVE-2023-5866 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1. | Phpmyfaq | 5.7 | ||
2023-10-31 | CVE-2023-5867 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2. | Phpmyfaq | 5.4 | ||
2023-12-16 | CVE-2023-6889 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17. | Phpmyfaq | 5.4 | ||
2023-12-16 | CVE-2023-6890 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17. | Phpmyfaq | 5.4 | ||
2024-02-05 | CVE-2024-22202 | phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. The front-end of this page doesn't allow changing the form details, an attacker can utilize a proxy to intercept this request and submit other data. Upon submitting this form, an email is sent to the administrator informing them... | Phpmyfaq | 6.5 | ||
2024-02-05 | CVE-2024-22208 | phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a functionality where anyone can share a FAQ item to others. The front-end of this functionality allows any phpMyFAQ articles to be shared with 5 email addresses. Any unauthenticated actor can perform this... | Phpmyfaq | 6.5 | ||