Lucene search

Veracode Vulnerability DatabaseVERACODE:46080

HistoryMar 29, 2024 - 9:12 a.m.

HTML Injection

2024-03-2909:12:35

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

html injection

phpmyfaq

validation vulnerability

contentlink parameter

security

CVSS3

4.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

Confidence

Low

EPSS

Percentile

9.0%

JSON

phpmyfaq is vulnerable to HTML injection. The vulnerability is due to insufficient validation on the contentLink parameter, this allowing an attacker to inject HTML code that can affect other users.

References

github.com/thorsten/phpMyFAQ/commit/4fed1d9602f0635260f789fe85995789d94d6634

github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqh

CVSS3

4.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

Confidence

Low

EPSS

Percentile

9.0%

JSON

Related for VERACODE:46080