Lucene search

Veracode Vulnerability DatabaseVERACODE:44084

HistoryNov 01, 2023 - 5:51 a.m.

Cross-site Scripting (XSS)

2023-11-0105:51:28

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

phpmyfaq

vulnerability

faq.php

xss

javascript

browser

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

6.6

Confidence

High

EPSS

Percentile

14.0%

JSON

phpmyfaq is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the lack of HTML elements validation in Faq.php, which allows an attacker to inject and execute malicious JavaScript in the browser.

References

github.com/advisories/GHSA-prrv-r843-4p75

github.com/thorsten/phpmyfaq/commit/b3e5a053b59dcc072d76a55d6ce0311ea30174fa

huntr.com/bounties/e4b0e8f4-5e06-49d1-832f-5756573623ad