PT-2022-23168 · Phpmyfaq · Phpmyfaq
Published
2022-10-19
·
Updated
2022-10-20
·
CVE-2022-3608
CVSS v3.1
8.4
High
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
phpMyFAQ versions prior to 3.2.0-alpha
Description
The issue is related to stored Cross-site Scripting (XSS) in the phpMyFAQ repository. A patch for this issue is available on the
main branch of the repository and is expected to be included in version 3.2.0-alpha.Recommendations
For versions prior to 3.2.0-alpha, update to version 3.2.0-alpha or later to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of XSS exploitation.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Phpmyfaq