Lucene search

@huntrdevCVE-2022-4408

HistoryDec 11, 2022 - 3:15 p.m.

CVE-2022-4408

2022-12-1115:15:10

CWE-79

@huntrdev

web.nvd.nist.gov

cve-2022-4408

cross-site scripting

xss

github

repository

thorsten

phpmyfaq

nvd

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

21.6%

JSON

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.9.

Affected configurations

Nvd

Node

phpmyfaqphpmyfaqRange<3.1.9

VendorProductVersionCPE
phpmyfaqphpmyfaq*cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpmyfaq	phpmyfaq	*	cpe:2.3:a:phpmyfaq:phpmyfaq::::::::

CNA Affected

[
  {
    "vendor": "thorsten",
    "product": "thorsten/phpmyfaq",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "3.1.9",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/thorsten/phpmyfaq/commit/e2ea332a2b5e798f2c39203b2489a2dabe831751

huntr.dev/bounties/2ec4ddd4-de22-4f2d-ba92-3382b452bfea