CVE-2023-5317
Published 2023-09-30
CVE-2023-5317: Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
Priority P4 · 24 · medium · 5.4 · CVSS 3.1
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.34% (25.4th percentile)
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpmyfaq | phpmyfaq | < 3.1.18 | 3.1.18 |
| thorsten | phpmyfaq | >= 0 < 3.1.18 | 3.1.18 |
| thorsten | thorsten_phpmyfaq | >= unspecified < 3.1.18 | 3.1.18 |
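CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 6.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| cisa | | 7.5 | HIGH | |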
GHSA
phpMyFaq Cross-site Scripting vulnerability
ghsa·2023-09-30
CVE-2023-5317 [MEDIUM] CWE-79 phpMyFaq Cross-site Scripting vulnerability
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
OSV
phpMyFaq Cross-site Scripting vulnerability
osv·2023-09-30
CVE-2023-5317 [MEDIUM] phpMyFaq Cross-site Scripting vulnerability
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
CISA
Jenkins User Interface (UI) Information Disclosure Vulnerability
cisa·2023-05-12·CVSS 7.5
CVE-2015-5317 [HIGH] CWE-200 Jenkins User Interface (UI) Information Disclosure Vulnerability
Vulnerability: Jenkins User Interface (UI) Information Disclosure Vulnerability
Affected: Jenkins Jenkins User Interface (UI)
Jenkins User Interface (UI) contains an information disclosure vulnerability that allows users to see the names of jobs and builds otherwise inaccessible to them on the "Fingerprints" pages.
Required Action: Apply updates per vendor instructions.
Notes: https://www.jenkins.io/security/advisory/2015-11-11/; https://nvd.nist.gov/vuln/detail/CVE-2015-5317
Remediation Due Date: 2023-06-02
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-09-30