GHSA-974q-4vvr-vg9c
Suggest an improvement- Source
- https://github.com/advisories/GHSA-974q-4vvr-vg9c
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-974q-4vvr-vg9c/GHSA-974q-4vvr-vg9c.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-974q-4vvr-vg9c
- Aliases
- Published
- 2023-05-31T03:30:15Z
- Modified
- 2024-02-16T08:13:42.203040Z
- Severity
-
- 6.0 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H CVSS Calculator
- Summary
- thorsten/phpmyfaq vulnerable to cross-site scripting
- Details
-
In thorsten/phpmyfaq prior to 3.1.14, when admins create a FAQ News, they can pass xss to the "text of the record" section.
- Database specific
{ "nvd_published_at": "2023-05-31T01:15:43Z", "cwe_ids": [ "CWE-79" ], "github_reviewed_at": "2023-06-02T17:13:29Z", "severity": "MODERATE", "github_reviewed": true }- References
Affected packages
Packagist / thorsten/phpmyfaq
Package
- Name
- thorsten/phpmyfaq
- Purl
- pkg:composer/thorsten/phpmyfaq
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.1.14
Affected versions
2.*
2.8.0-alpha2
2.8.0-alpha3
2.8.0-beta
2.8.0-beta2
2.8.0-beta3
2.8.0-RC
2.8.0-RC2
2.8.0-RC3
2.8.0-RC4
2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.8.5
2.8.6
2.8.7
2.8.8
2.8.9
2.8.10
2.8.11
2.8.12
2.8.13
2.8.14
2.8.15
2.8.16
2.8.17
2.8.18
2.8.19
2.8.20
2.8.21
2.8.22
2.8.23
2.8.24
2.8.25
2.8.26
2.8.27
2.8.28
2.8.29
2.9.0-alpha
2.9.0-alpha2
2.9.0-alpha3
2.9.0-alpha4
2.9.0-beta
2.9.0-beta2
2.9.0-rc
2.9.0-rc2
2.9.0-rc3
2.9.0-rc4
2.9.0
2.9.1
2.9.2
2.9.3
2.9.4
2.9.5
2.9.6
2.9.7
2.9.8
2.9.9
2.9.10
2.9.11
2.9.12
2.9.13
2.10.0-alpha
3.*
3.0.0-alpha
3.0.0-alpha.2
3.0.0-alpha.3
3.0.0-alpha.4
3.0.0-beta
3.0.0-beta.2
3.0.0-beta.3
3.0.0-RC
3.0.0-RC.2
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.0.10
3.0.11
3.0.12
3.1.0-alpha
3.1.0-alpha.2
3.1.0-alpha.3
3.1.0-beta
3.1.0-RC
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
3.1.7
3.1.8
3.1.9
3.1.10
3.1.11
3.1.12
3.1.13