PT-2023-24980 · Phpmyfaq · Phpmyfaq

Published: 2023-06-30 · Updated: 2023-07-06 · CVE-2023-3469

CVSS v3.1: 5.2 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions prior to 3.2.0-beta.2
Description: The issue is a reflected Cross-site Scripting (XSS). When an administrator restores a backup from a file, a specially crafted file can trigger an error that is displayed on the web page. Because the error message contains the invalid part of the file, any JavaScript code in that part of the file is executed.
Recommendations: For versions prior to 3.2.0-beta.2, update to version 3.2.0-beta.2 or later to resolve the issue. As a temporary workaround, restrict the ability to restore backups from files to minimize the risk of exploitation, and do not restore backup files of uncertain origin until the fix is applied, since a crafted file can trigger an error that executes JavaScript code.
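The root cause described above, an error message that echoes part of an untrusted uploaded file into the page, is the general pattern behind this class of reflected XSS. The PHP below is an added example and is not phpMyFAQ's own code: the backup line format, parseBackupLine(), and the two render functions are constructed for illustration, and the fix shown (escaping the message for the HTML context it is rendered in) is the standard mitigation rather than a description of the project's actual patch.

```php
<?php
// Added example, not phpMyFAQ's code. Demonstrates why an importer's error
// message must be HTML-escaped before it is rendered when the message quotes
// content from the uploaded file. parseBackupLine() and the "key=value"
// line format are hypothetical placeholders.
declare(strict_types=1);

/**
 * Hypothetical parser for one line of a backup file. Like many importers it
 * puts the offending fragment into the exception message, which is exactly
 * the data that must never reach the HTML response unescaped.
 */
function parseBackupLine(string $line): array
{
    // Constructed rule: a valid line is "key=value" with an alphanumeric key.
    if (!preg_match('/^([A-Za-z0-9_]+)=(.*)$/', $line, $m)) {
        throw new InvalidArgumentException('Invalid backup line: ' . $line);
    }
    return [$m[1], $m[2]];
}

/** Vulnerable pattern: raw exception text is concatenated into HTML. */
function renderErrorUnsafe(Throwable $e): string
{
    return '<div class="error">' . $e->getMessage() . '</div>';
}

/** Hardened pattern: escape for the HTML body context before output. */
function renderErrorSafe(Throwable $e): string
{
    $msg = htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<div class="error">' . $msg . '</div>';
}

// Constructed sample input: one valid line and one malformed line that
// carries markup where the importer expects "key=value".
$lines = ['title=FAQ', '<b>not a valid line</b>'];

foreach ($lines as $lineNo => $line) {
    try {
        [$key, $value] = parseBackupLine($line);
        echo "line $lineNo ok: $key\n";
    } catch (InvalidArgumentException $e) {
        // The unsafe rendering emits the <b> tag as live markup; the safe
        // rendering emits &lt;b&gt; so the browser shows it as text.
        echo "unsafe: " . renderErrorUnsafe($e) . "\n";
        echo "safe:   " . renderErrorSafe($e) . "\n";
    }
}
```

A stricter variant of the fix is to report only the line number and a fixed message, never the file content itself; escaping is still required wherever any part of the upload is echoed, including log viewers and JSON responses rendered into the DOM by front-end code.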

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-3469
GHSA-V6G2-JWRM-H5R5

Affected Products

Phpmyfaq