Количество 3
Количество 3
CVE-2024-28108
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validation on the `contentLink` parameter, it is possible for unauthenticated users to inject HTML code to the page which might affect other users. _Also, requires that adding new FAQs is allowed for guests and that the admin doesn't check the content of a newly added FAQ._ This vulnerability is fixed in 3.2.6.
GHSA-48vw-jpf8-hwqh
phpMyFAQ Stored HTML Injection at contentLink
BDU:2024-02336
Уязвимость параметра contentLink веб-приложения phpMyFAQ, позволяющая нарушителю проводить межсайтовые сценарные атаки (XSS)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-28108 phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validation on the `contentLink` parameter, it is possible for unauthenticated users to inject HTML code to the page which might affect other users. _Also, requires that adding new FAQs is allowed for guests and that the admin doesn't check the content of a newly added FAQ._ This vulnerability is fixed in 3.2.6. | CVSS3: 4.7 | 1% Низкий | почти 2 года назад |
| GHSA-48vw-jpf8-hwqh phpMyFAQ Stored HTML Injection at contentLink | CVSS3: 5.1 | 1% Низкий | почти 2 года назад |
 | BDU:2024-02336 Уязвимость параметра contentLink веб-приложения phpMyFAQ, позволяющая нарушителю проводить межсайтовые сценарные атаки (XSS) | CVSS3: 4.7 | 1% Низкий | почти 2 года назад |
Уязвимостей на страницу