
Thorsten Phpmyfaq vulnerabilities

117 known vulnerabilities affecting thorsten/phpmyfaq.

Total CVEs: 117
CISA KEV: 0
Public exploits: 8
Exploited in wild: 1
Severity breakdown: CRITICAL 9, HIGH 37, MEDIUM 69, LOW 2

Vulnerabilities

Page 6 of 6
CVE-2023-4007 | P4 | HIGH | ≥ 0, < 3.1.16 | 2023-07-31
CVE-2023-4007 [HIGH] CWE-79 phpMyFAQ Stored Cross-site Scripting vulnerability: Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16.
Sources: ghsa, osv
CVE-2023-5319 | P4 | HIGH | ≥ 0, < 3.1.18 | 2023-09-30
CVE-2023-5319 [HIGH] CWE-79 phpMyFAQ Cross-site Scripting vulnerability: Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
Sources: ghsa, osv
CVE-2026-34729 | P4 | MEDIUM | CVSS 4.8 | fixed in 4.1.1 | 2026-04-02
CVE-2026-34729 [MEDIUM] CWE-79: phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, there is a stored XSS vulnerability via Regex Bypass in Filter::removeAttributes(). This issue has been patched in version 4.1.1.
Source: nvd
CVE-2024-29179 | P4 | MEDIUM | CVSS 4.8 | v3.2.5 | 2024-03-25
CVE-2024-29179 [MEDIUM] CWE-79: phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks.
Source: nvd
CVE-2023-1754 | P4 | MEDIUM | ≥ 0, < 3.1.12 | 2023-03-31
CVE-2023-1754 [MEDIUM] CWE-20 phpMyFAQ vulnerable to improper input validation: Improper Neutralization of Input During Web Page Generation in phpMyFAQ
Sources: ghsa, osv
CVE-2023-2550 | P4 | HIGH | ≥ 0, < 3.1.13 | 2023-05-05
CVE-2023-2550 [HIGH] CWE-79 Cross Site Scripting in thorsten/phpmyfaq: Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to version 3.1.13.
Sources: ghsa, osv
CVE-2023-1887 | P4 | HIGH | ≥ 0, < 3.1.12 | 2023-04-05
CVE-2023-1887 [HIGH] thorsten/phpmyfaq vulnerable to business logic errors: thorsten/phpmyfaq prior to 3.1.12 allows users with edit-only permissions to add and delete categories and add FAQs. This has been fixed in 3.1.12.
Sources: ghsa, osv
CVE-2023-0880 | P4 | MEDIUM | ≥ 0, < 3.1.11 | 2023-02-17
CVE-2023-0880 [MEDIUM] CWE-115 Misinterpretation of Input in thorsten/phpmyfaq: Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
Sources: ghsa, osv
CVE-2023-0786 | P4 | MEDIUM | ≥ 0, < 3.1.11 | 2023-02-12
CVE-2023-0786 [MEDIUM] CWE-79 Cross-site Scripting in thorsten/phpmyfaq: Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
Sources: ghsa, osv
CVE-2023-3469 | P4 | MEDIUM | ≥ 0, < 3.2.0-beta.2 | 2023-06-30
CVE-2023-3469 [MEDIUM] CWE-79 phpMyFAQ Cross-site Scripting: phpMyFAQ prior to 3.2.0-beta.2 contains a cross-site scripting vulnerability. When an administrator restores a backup from a file, it's possible to trigger an error with a specially crafted file that can be displayed on the web page. Since the error message contains the invalid part of the file, any JavaScript code in the file is executed.
Sources: ghsa, osv
CVE-2023-5864 | P4 | HIGH | ≥ 0, < 3.2.1 | 2023-10-31
CVE-2023-5864 [HIGH] CWE-79 phpMyFAQ Cross-site Scripting vulnerability: Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1.
Sources: ghsa, osv
CVE-2023-1760 | P4 | MEDIUM | ≥ 0, < 3.1.12 | 2023-03-31
CVE-2023-1760 [MEDIUM] CWE-79 phpMyFAQ Stored Cross-site Scripting vulnerability: Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
Sources: ghsa, osv
CVE-2023-2427 | P4 | MEDIUM | ≥ 0, < 3.1.13 | 2023-05-05
CVE-2023-2427 [MEDIUM] CWE-79 Cross Site Scripting in thorsten/phpmyfaq: Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to version 3.1.13.
Sources: ghsa, osv
CVE-2023-1759 | P4 | MEDIUM | ≥ 0, < 3.1.12 | 2023-03-31
CVE-2023-1759 [MEDIUM] CWE-79 phpMyFAQ Stored Cross-site Scripting vulnerability: Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
Sources: ghsa, osv
CVE-2024-29196 | P4 | LOW | CVSS 2.7 | v= 3.2.5 | 2024-03-26
CVE-2024-29196 [LOW] CWE-22: phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6.
Source: nvd
CVE-2026-48488 | P4 | LOW | CVSS 2.7 | fixed in 4.1.4 | 2026-06-08
CVE-2026-48488 [LOW] CWE-328: phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been vulnerable to collision attacks since 2017 (SHAttered). Version 4.1.4 fixes the issue.
Sources: ghsa, nvd
CVE-2018-16650 | HIGH | ≥ 0, < 2.9.11 | 2022-05-14
CVE-2018-16650 [HIGH] CWE-352 phpMyFAQ CSRF: phpMyFAQ before 2.9.11 allows CSRF.
Sources: ghsa, osv