exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 2

CVE-2025-68951

около 1 месяца назад

phpMyFAQ is an open source FAQ web application. Versions 4.0.14 and 4.0.15 have a stored cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary JavaScript in an administrator’s browser by registering a user whose display name contains HTML entities. When an administrator views the admin user list, the payload is decoded server-side and rendered without escaping, resulting in script execution in the admin context. Version 4.0.16 contains a patch for the issue.

CVSS3: 5.4

EPSS: Низкий

GHSA-jv8r-hv7q-p6vc

около 1 месяца назад

phpMyFAQ has Stored XSS in user list via admin-managed display_name

CVSS3: 5.4

EPSS: Низкий

Уязвимостей на страницу

	Уязвимость	CVSS	EPSS	Опубликовано
	CVE-2025-68951 phpMyFAQ is an open source FAQ web application. Versions 4.0.14 and 4.0.15 have a stored cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary JavaScript in an administrator’s browser by registering a user whose display name contains HTML entities. When an administrator views the admin user list, the payload is decoded server-side and rendered without escaping, resulting in script execution in the admin context. Version 4.0.16 contains a patch for the issue.	CVSS3: 5.4	0% Низкий	около 1 месяца назад
	GHSA-jv8r-hv7q-p6vc phpMyFAQ has Stored XSS in user list via admin-managed display_name	CVSS3: 5.4	0% Низкий	около 1 месяца назад

Уязвимостей на страницу