Lucene search

@huntrdevCVELIST:CVE-2022-3766

HistoryOct 31, 2022 - 12:00 a.m.

CVE-2022-3766 Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq

2022-10-3100:00:00

CWE-79

@huntrdev

www.cve.org

cve-2022-3766

cross-site scripting

reflected

github

repository

prior to 3.1.8

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS

0.001

Percentile

30.0%

JSON

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8.

CNA Affected

[
  {
    "vendor": "thorsten",
    "product": "thorsten/phpmyfaq",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "3.1.8",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/thorsten/phpmyfaq/commit/c7904f2236c6c0dd64c2226b90c30af0f7e5a72d

huntr.dev/bounties/d9666520-4ff5-43bb-aacf-50c8e5570983

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS

0.001

Percentile

30.0%

JSON

Related for CVELIST:CVE-2022-3766