thorsten/phpmyfaq Security Advisories for 2.9.13 (71)
-
[MEDIUM] thorsten/phpmyfaq Unintended File Download Triggered by Embedded Frames
PKSA-nm7m-ddfs-x1rd CVE-2024-55889 GHSA-m3r7-8gw7-qwvc
Affected version: <3.2.10
Reported by:
GitHub -
[HIGH] phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available
PKSA-zk9c-crx1-g563 CVE-2024-54141 GHSA-vrjr-p3xp-xx2x
Affected version: <4.0.0
Reported by:
GitHub -
[MEDIUM] phpMyFAQ Cross-site Scripting vulnerability
PKSA-dp4r-92p1-jm3r CVE-2023-6890 GHSA-4h37-q5j3-hw96
Affected version: <3.1.17
Reported by:
GitHub -
[MEDIUM] phpMyFAQ Cross-site Scripting vulnerability
PKSA-z2gn-4mp6-7kgx CVE-2023-6889 GHSA-w8xj-992g-842f
Affected version: <3.1.17
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting (XSS) in thorsten/phpmyfaq
PKSA-3zxr-6q1g-y9pc CVE-2023-5867 GHSA-prrv-r843-4p75
Affected version: <3.2.2
Reported by:
GitHub -
[MEDIUM] Sensitive cookie in HTTPS session without 'Secure' attribute in thorsten/phpmyfaq
PKSA-234x-mfj9-vyxm CVE-2023-5866 GHSA-34w4-wrqp-j47g
Affected version: <3.2.1
Reported by:
GitHub -
[HIGH] Insufficient Session Expiration in thorsten/phpmyfaq
PKSA-mhmh-zvw7-ctt3 CVE-2023-5865 GHSA-f728-prhw-2g68
Affected version: <3.2.2
Reported by:
GitHub -
[HIGH] phpMyFAQ Cross-site Scripting vulnerability
PKSA-fwqb-wfgt-vhnq CVE-2023-5864 GHSA-g5hp-328h-jj98
Affected version: <3.2.1
Reported by:
GitHub -
[HIGH] phpMyFAQ Cross-site Scripting vulnerability
PKSA-fy6w-gxhz-b2mb CVE-2023-5863 GHSA-j4vj-w5rj-8grw
Affected version: <3.2.2
Reported by:
GitHub -
[HIGH] phpMyFAQ Cross-site Scripting vulnerability
PKSA-473w-z13b-432n CVE-2023-5319 GHSA-j5ww-5xf4-hqm2
Affected version: <3.1.18
Reported by:
GitHub -
[MEDIUM] phpMyFAQ allows unrestricted file types in image field
PKSA-mb8f-3r9h-zv2d CVE-2023-5227 GHSA-qcjg-hvg6-hxcp
Affected version: <3.1.18
Reported by:
GitHub -
[CRITICAL] phpMyFAQ Cross-site Scripting vulnerability
PKSA-j9jt-7g13-t74m CVE-2023-5316 GHSA-58v7-58c2-qwm9
Affected version: <3.1.18
Reported by:
GitHub -
[MEDIUM] phpMyFaq Cross-site Scripting vulnerability
PKSA-c9gj-nswj-c8v6 CVE-2023-5317 GHSA-5jwv-m8h3-69cg
Affected version: <3.1.18
Reported by:
GitHub -
[CRITICAL] phpMyFAQ Cross-site Scripting vulnerability
PKSA-hr4h-nw1k-8zbd CVE-2023-5320 GHSA-pp4w-g5p4-85p2
Affected version: <3.1.18
Reported by:
GitHub -
[HIGH] phpMyFAQ Stored Cross-site Scripting vulnerability
PKSA-x3y4-4qqb-1d8c CVE-2023-4007 GHSA-q9vm-29ph-p7mp
Affected version: <3.1.16
Reported by:
GitHub -
[HIGH] phpMyFAQ Improper Neutralization of Formula Elements in a CSV File vulnerability
PKSA-w38f-g1pw-fptg CVE-2023-4006 GHSA-2xvx-368h-qcmv
Affected version: <3.1.16
Reported by:
GitHub -
[MEDIUM] phpMyFAQ Cross-site Scripting
PKSA-5mf7-1xx2-r8qf CVE-2023-3469 GHSA-v6g2-jwrm-h5r5
Affected version: <3.2.0-beta.2
Reported by:
GitHub -
[MEDIUM] thorsten/phpmyfaq vulnerable to cross-site scripting
PKSA-449b-pm19-yj3b CVE-2023-2999 GHSA-94r7-63g8-c4jw
Affected version: <3.1.14
Reported by:
GitHub -
[MEDIUM] thorsten/phpmyfaq vulnerable to cross-site scripting
PKSA-7skg-fzbb-43pk CVE-2023-2998 GHSA-974q-4vvr-vg9c
Affected version: <3.1.14
Reported by:
GitHub -
[MEDIUM] phpMyFAQ vulnerable to stored Cross-site Scripting
PKSA-nbfj-yt53-w4ff CVE-2023-2753 GHSA-vppq-6ff8-2m8w
Affected version: <3.2.0-beta
Reported by:
GitHub -
[MEDIUM] phpMyFAQ vulnerable to stored Cross-site Scripting
PKSA-5wnq-2nqs-gct1 CVE-2023-2752 GHSA-j657-pjgc-c4h6
Affected version: <3.2.0-beta
Reported by:
GitHub -
[HIGH] Cross Site Scripting in thorsten/phpmyfaq
PKSA-q9pv-n8rg-hsyq CVE-2023-2550 GHSA-5mf7-p346-7rm8
Affected version: <3.1.13
Reported by:
GitHub -
[MEDIUM] Cross Site Scripting in thorsten/phpmyfaq
PKSA-8ptm-w337-39j1 CVE-2023-2427 GHSA-5xq3-7mw9-wj5p
Affected version: <3.1.13
Reported by:
GitHub -
[MEDIUM] phpMyFAQ Improper Access Control vulnerability
PKSA-mtm1-ss8g-wgvd CVE-2023-2429 GHSA-r69v-q48g-3966
Affected version: <3.1.13
Reported by:
GitHub -
[MEDIUM] phpMyFAQ vulnerable to Stored Cross-site Scripting
PKSA-d9fp-49zx-fym9 CVE-2023-2428 GHSA-8595-6653-96p2
Affected version: <3.1.13
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting in thorsten/phpmyfaq
PKSA-71zg-c8q3-sbmg CVE-2023-1875 GHSA-ch5w-2994-6h82
Affected version: <3.1.12
Reported by:
GitHub -
[MEDIUM] thorsten/phpmyfaq vulnerable to cross-site scripting (XSS) via stopword parameter
PKSA-bqhx-wnn4-htts CVE-2023-1884 GHSA-gmjj-g2rm-xwm7
Affected version: <3.1.12
Reported by:
GitHub -
[MEDIUM] thorsten/phpmyfaq vulnerable to improper access control
PKSA-dxhp-3xs3-tcm8 CVE-2023-1883 GHSA-2wjp-w7g7-h63q
Affected version: <3.1.12
Reported by:
GitHub -
[HIGH] thorsten/phpmyfaq vulnerable to DOM cross-site scripting (XSS) via configuration privacy note URL parameter
PKSA-swvz-9q1j-53jy CVE-2023-1882 GHSA-jph3-3j24-pg3j
Affected version: <3.1.12
Reported by:
GitHub -
[HIGH] thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via artlang parameter
PKSA-gbwf-9cxb-136d CVE-2023-1880 GHSA-m8q9-7v2f-qjx9
Affected version: <3.1.12
Reported by:
GitHub -
[MEDIUM] thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via updatecategory parameter
PKSA-mj8w-pf9f-4g8q CVE-2023-1879 GHSA-m9qm-m5w5-9pgj
Affected version: <3.1.12
Reported by:
GitHub -
[HIGH] thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via adminlog
PKSA-45xh-5fph-j6xf CVE-2023-1878 GHSA-gcmq-7652-x98j
Affected version: <3.1.12
Reported by:
GitHub -
[MEDIUM] thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via category field name parameter
PKSA-rw83-nw8n-wh2r CVE-2023-1885 GHSA-xxm6-ff3x-v4vm
Affected version: <3.1.12
Reported by:
GitHub -
[HIGH] thorsten/phpmyfaq vulnerable to authentication bypass
PKSA-3sdr-k7b7-rx6w CVE-2023-1886 GHSA-4cr4-x82x-hwm9
Affected version: <3.1.12
Reported by:
GitHub -
[HIGH] thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) in FAQ comment username parameter
PKSA-5jvn-xj5h-yxw7 CVE-2023-1758 GHSA-3j93-7rf7-p7m6
Affected version: <3.1.12
Reported by:
GitHub -
[HIGH] thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via FAQ News link parameter
PKSA-d5r8-gd2b-r4rc CVE-2023-1757 GHSA-jvjx-qqh7-6x6c
Affected version: <3.1.12
Reported by:
GitHub -
[MEDIUM] thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via HTML export
PKSA-6qy9-qd3n-yn3h CVE-2023-1756 GHSA-8p48-ghv5-7qq7
Affected version: <3.1.12
Reported by:
GitHub -
[HIGH] thorsten/phpmyfaq vulnerable to business logic errors
PKSA-w163-ccsb-gq3p CVE-2023-1887 GHSA-gx43-fqrx-6fcw
Affected version: <3.1.12
Reported by:
GitHub -
[MEDIUM] phpMyFAQ Stored Cross-site Scripting vulnerability
PKSA-p4d8-zbxb-db5j CVE-2023-1760 GHSA-7q9c-f2v8-j8gw
Affected version: <3.1.12
Reported by:
GitHub -
[MEDIUM] phpMyFAQ Stored Cross-site Scripting vulnerability
PKSA-wcp5-zdy4-3g35 CVE-2023-1759 GHSA-4wfc-ghv5-2v7j
Affected version: <3.1.12
Reported by:
GitHub -
[MEDIUM] phpMyFAQ Cross-site Scripting vulnerability
PKSA-kvnf-yxzf-9g2b CVE-2023-1755 GHSA-hp8m-g55r-9cfq
Affected version: <3.1.12
Reported by:
GitHub -
[MEDIUM] phpMyFAQ vulnerable to improper input validation
PKSA-cw8t-wqhf-zqgj CVE-2023-1754 GHSA-gvg8-r8w2-9gfj
Affected version: <3.1.12
Reported by:
GitHub -
[MEDIUM] phpMyFAQ has weak password requirements
PKSA-55zv-d6h5-byt9 CVE-2023-1753 GHSA-4p4m-5qp7-479x
Affected version: <3.1.12
Reported by:
GitHub -
[HIGH] thorsten/phpmyfaq vulnerable privilege escalation from improper privilege management
PKSA-r4fn-pcgz-rj1v CVE-2023-1762 GHSA-xww4-w6ff-5q3g
Affected version: <3.1.12
Reported by:
GitHub -
[MEDIUM] phpMyFAQ Code Injection vulnerability
PKSA-ygh6-5ch1-kqxt CVE-2023-1761 GHSA-6cpg-gqgq-2rrr
Affected version: <3.1.12
Reported by:
GitHub -
[MEDIUM] Misinterpretation of Input in thorsten/phpmyfaq
PKSA-gpfr-w2p1-4v7c CVE-2023-0880 GHSA-f9c6-4j9h-6c5r
Affected version: <3.1.11
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting in thorsten/phpmyfaq
PKSA-ncxm-hwbq-783k CVE-2023-0794 GHSA-gf34-hh5r-f74h
Affected version: <3.1.11
Reported by:
GitHub -
[MEDIUM] Code Injection in thorsten/phpmyfaq
PKSA-cb4b-dbxc-jfd2 CVE-2023-0792 GHSA-wjrj-jc3w-ppfw
Affected version: <3.1.11
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting in thorsten/phpmyfaq
PKSA-bbmk-bt3w-yn86 CVE-2023-0791 GHSA-c38p-vw6j-qjpr
Affected version: <3.1.11
Reported by:
GitHub -
[HIGH] Uncaught Exception in thorsten/phpmyfaq
PKSA-47fw-kqzf-tzd9 CVE-2023-0790 GHSA-6vv4-qq3r-9rv8
Affected version: <3.1.11
Reported by:
GitHub -
[CRITICAL] Command Injection in thorsten/phpmyfaq
PKSA-ys5t-twxg-dzbt CVE-2023-0789 GHSA-6vp5-vv9p-7q62
Affected version: <3.1.11
Reported by:
GitHub -
[CRITICAL] Code Injection in thorsten/phpmyfaq
PKSA-tg84-dy91-kryt CVE-2023-0788 GHSA-r6cw-356h-mvwg
Affected version: <3.1.11
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting in thorsten/phpmyfaq
PKSA-qpzg-f1q5-ybkt CVE-2023-0787 GHSA-gxxj-x426-xj2w
Affected version: <3.1.11
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting in thorsten/phpmyfaq
PKSA-4qt9-386t-xkhv CVE-2023-0786 GHSA-jfpg-jggf-rpph
Affected version: <3.1.11
Reported by:
GitHub -
[HIGH] Weak Password Requirements in thorsten/phpmyfaq
PKSA-fd1c-b7gm-rmg5 CVE-2023-0793 GHSA-fxrq-xhj9-rf5j
Affected version: <3.1.11
Reported by:
GitHub -
[MEDIUM] phpMyFAQ Stored Cross-site Scripting vulnerability
PKSA-m7f8-nm95-bzwh CVE-2023-0306 GHSA-96x6-jf5w-84c5
Affected version: <3.1.10
Reported by:
GitHub -
[MEDIUM] phpMyFAQ has Weak Password Requirements
PKSA-gy5j-hpdy-j8ts CVE-2023-0307 GHSA-4p88-cfhq-f3vg
Affected version: <3.1.10
Reported by:
GitHub -
[MEDIUM] phpMyFAQ Stored Cross-site Scripting vulnerability
PKSA-qcfs-jyz4-8hpx CVE-2023-0308 GHSA-w475-749h-c77m
Affected version: <3.1.10
Reported by:
GitHub -
[MEDIUM] thorsten/phpmyfaq is vulnerable to cross-site scripting (XSS)
PKSA-3ztm-kzyy-m3dg CVE-2023-0312 GHSA-6449-vf6p-9hfp
Affected version: <3.1.10
Reported by:
GitHub -
[MEDIUM] phpMyFAQ Stored Cross-site Scripting vulnerability
PKSA-rmyr-9jcd-vdjd CVE-2023-0309 GHSA-25c3-7fvj-v45j
Affected version: <3.1.10
Reported by:
GitHub -
[MEDIUM] phpMyFAQ Stored Cross-site Scripting vulnerability
PKSA-7gdy-tbrg-d8gh CVE-2023-0310 GHSA-9jff-8xmm-mw22
Affected version: <3.1.10
Reported by:
GitHub -
[CRITICAL] phpMyFAQ Improper Authentication vulnerability
PKSA-nyx7-4kcw-byfk CVE-2023-0311 GHSA-g92r-9rxw-cmgx
Affected version: <3.1.10
Reported by:
GitHub -
[MEDIUM] phpMyFAQ Stored Cross-site Scripting vulnerability
PKSA-zxjm-dcpk-t2w9 CVE-2023-0313 GHSA-x2h8-4mhh-5hwh
Affected version: <3.1.10
Reported by:
GitHub -
[MEDIUM] phpMyFAQ Reflected Cross-site Scripting vulnerability
PKSA-m3v1-p3ms-3gws CVE-2023-0314 GHSA-m9xr-8cx7-53pj
Affected version: <3.1.10
Reported by:
GitHub -
[MEDIUM] phpMyFAQ vulnerable to Cross-site Scripting
PKSA-zk1x-1f1r-tmd2 CVE-2022-4408 GHSA-rjf6-wj7r-5fj2
Affected version: <3.1.9
Reported by:
GitHub -
[MEDIUM] phpMyFAQ vulnerable to Cross-site Scripting
PKSA-hdcf-s9vp-9n7r CVE-2022-4407 GHSA-cp9c-phxx-55xm
Affected version: <3.1.9
Reported by:
GitHub -
[HIGH] phpMyFAQ has insecure HTTP cookies
PKSA-9tvb-nh5n-s91m CVE-2022-4409 GHSA-wpgc-5cr5-h9gg
Affected version: <3.1.9
Reported by:
GitHub -
[MEDIUM] phpMyFAQ vulnerable to reflected Cross-site Scripting
PKSA-19gx-7q7t-n4j2 CVE-2022-3766 GHSA-mg5h-rhjq-6v84
Affected version: <3.1.8
Reported by:
GitHub -
[MEDIUM] phpMyFAQ vulnerable to stored Cross-site Scripting
PKSA-114n-16vr-b277 CVE-2022-3765 GHSA-wr74-2v66-57pp
Affected version: <3.1.8
Reported by:
GitHub -
[CRITICAL] phpMyFAQ contains Weak Password Requirements
PKSA-w85v-kqzw-m21r CVE-2022-3754 GHSA-2rr3-rv49-p42f
Affected version: <3.1.8
Reported by:
GitHub -
[HIGH] phpMyFAQ vulnerable to Cross-site Scripting
PKSA-55jk-qn9x-wy1q CVE-2022-3608 GHSA-6rj8-9cm9-6gff
Affected version: <=3.1.7
Reported by:
GitHub