cbcvebase.

Thorsten Phpmyfaq vulnerabilities

117 known vulnerabilities affecting thorsten/phpmyfaq.

Total CVEs
117
CISA KEV
0
Public exploits
8
Exploited in wild
1
Severity breakdown
CRITICAL9HIGH37MEDIUM69LOW2

Vulnerabilities

Page 5 of 6
CVE-2023-0309P4MEDIUM≥ 0, < 3.1.102023-01-16
CVE-2023-0309 [MEDIUM] CWE-79 phpMyFAQ Stored Cross-site Scripting vulnerability phpMyFAQ Stored Cross-site Scripting vulnerability Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
ghsaosv
CVE-2023-0308P4MEDIUM≥ 0, < 3.1.102023-01-16
CVE-2023-0308 [MEDIUM] CWE-79 phpMyFAQ Stored Cross-site Scripting vulnerability phpMyFAQ Stored Cross-site Scripting vulnerability Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
ghsaosv
CVE-2023-2999P4MEDIUM≥ 0, < 3.1.142023-05-31
CVE-2023-2999 [MEDIUM] CWE-79 thorsten/phpmyfaq vulnerable to cross-site scripting thorsten/phpmyfaq vulnerable to cross-site scripting thorsten/phpmyfaq prior to 3.1.14 is vulnerable to a stored cross-site scripting attack perpetuated by an actor logged in as admin.
ghsaosv
CVE-2022-4408P4MEDIUM≥ 0, < 3.1.92022-12-11
CVE-2022-4408 [MEDIUM] CWE-79 phpMyFAQ vulnerable to Cross-site Scripting phpMyFAQ vulnerable to Cross-site Scripting phpMyFAQ prior to version 3.1.9 is vulnerable to stored Cross-site Scripting (XSS).
ghsaosv
CVE-2023-1875P4MEDIUM≥ 0, < 3.1.122023-04-22
CVE-2023-1875 [MEDIUM] CWE-79 Cross-site Scripting in thorsten/phpmyfaq Cross-site Scripting in thorsten/phpmyfaq Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
ghsaosv
CVE-2023-1885P4MEDIUM≥ 0, < 3.1.122023-04-05
CVE-2023-1885 [MEDIUM] CWE-79 thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via category field name parameter thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via category field name parameter thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input in the `category field name` parameter. This has been fixed in 3.1.12.
ghsaosv
CVE-2023-1761P4MEDIUM≥ 0, < 3.1.122023-03-31
CVE-2023-1761 [MEDIUM] CWE-79 phpMyFAQ Code Injection vulnerability phpMyFAQ Code Injection vulnerability Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
ghsaosv
CVE-2023-1879P4MEDIUM≥ 0, < 3.1.122023-04-05
CVE-2023-1879 [MEDIUM] CWE-79 thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via updatecategory parameter thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via updatecategory parameter thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input in the updatecategory parameter. This has been fixed in 3.1.12.
ghsaosv
CVE-2023-1756P4MEDIUM≥ 0, < 3.1.122023-04-05
CVE-2023-1756 [MEDIUM] CWE-79 thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via HTML export thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via HTML export thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input in the FAQ site while generating an HTML Export. This has been fixed in 3.1.12.
ghsaosv
CVE-2023-6890P4MEDIUM≥ 0, < 3.1.172023-12-16
CVE-2023-6890 [MEDIUM] CWE-79 phpMyFAQ Cross-site Scripting vulnerability phpMyFAQ Cross-site Scripting vulnerability Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.
ghsaosv
CVE-2023-6889P4MEDIUM≥ 0, < 3.1.172023-12-16
CVE-2023-6889 [MEDIUM] CWE-79 phpMyFAQ Cross-site Scripting vulnerability phpMyFAQ Cross-site Scripting vulnerability Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.
ghsaosv
CVE-2023-1884P4MEDIUM≥ 0, < 3.1.122023-04-05
CVE-2023-1884 [MEDIUM] CWE-79 thorsten/phpmyfaq vulnerable to cross-site scripting (XSS) via stopword parameter thorsten/phpmyfaq vulnerable to cross-site scripting (XSS) via stopword parameter thorsten/phpmyfaq prior to 3.1.12 is vulnerable to cross-site scripting (XSS) because it fails to sanitize user input in the `stopword` parameter. This has been fixed in 3.1.12.
ghsaosv
CVE-2023-5316P4CRITICAL≥ 0, < 3.1.182023-09-30
CVE-2023-5316 [CRITICAL] CWE-79 phpMyFAQ Cross-site Scripting vulnerability phpMyFAQ Cross-site Scripting vulnerability Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
ghsaosv
CVE-2023-5867P4MEDIUM≥ 0, < 3.2.22023-10-31
CVE-2023-5867 [MEDIUM] CWE-79 Cross-site Scripting (XSS) in thorsten/phpmyfaq Cross-site Scripting (XSS) in thorsten/phpmyfaq Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
ghsaosv
CVE-2023-0313P4MEDIUM≥ 0, < 3.1.102023-01-16
CVE-2023-0313 [MEDIUM] CWE-79 phpMyFAQ Stored Cross-site Scripting vulnerability phpMyFAQ Stored Cross-site Scripting vulnerability Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
ghsaosv
CVE-2023-5317P4MEDIUM≥ 0, < 3.1.182023-09-30
CVE-2023-5317 [MEDIUM] CWE-79 phpMyFaq Cross-site Scripting vulnerability phpMyFaq Cross-site Scripting vulnerability Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
ghsaosv
CVE-2023-5866P4MEDIUM≥ 0, < 3.2.12023-10-31
CVE-2023-5866 [MEDIUM] CWE-614 Sensitive cookie in HTTPS session without 'Secure' attribute in thorsten/phpmyfaq Sensitive cookie in HTTPS session without 'Secure' attribute in thorsten/phpmyfaq Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1.
ghsaosv
CVE-2023-0791P4MEDIUM≥ 0, < 3.1.112023-02-12
CVE-2023-0791 [MEDIUM] CWE-79 Cross-site Scripting in thorsten/phpmyfaq Cross-site Scripting in thorsten/phpmyfaq Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
ghsaosv
CVE-2023-0794P4MEDIUM≥ 0, < 3.1.112023-02-12
CVE-2023-0794 [MEDIUM] CWE-79 Cross-site Scripting in thorsten/phpmyfaq Cross-site Scripting in thorsten/phpmyfaq Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
ghsaosv
CVE-2023-0787P4MEDIUM≥ 0, < 3.1.112023-02-12
CVE-2023-0787 [MEDIUM] CWE-79 Cross-site Scripting in thorsten/phpmyfaq Cross-site Scripting in thorsten/phpmyfaq Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
ghsaosv
Thorsten Phpmyfaq vulnerabilities | cvebase