Описание
phpMyFAQ Cross-site Scripting
phpMyFAQ prior to 3.2.0-beta.2 contains a cross-site scripting vulnerability. When an administrator restores a backup from a file, it's possible to trigger an error with a specially crafted file that can be displayed on the web page. Since the error message contains the invalid part of the file, any JavaScript code in the file is executed.
Пакеты
Наименование
thorsten/phpmyfaq
composer
Затронутые версииВерсия исправления
< 3.2.0-beta.2
3.2.0-beta.2
Связанные уязвимости
CVSS3: 4.8
nvd
больше 2 лет назад
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2.