CVE-2022-3608
HIGH8.4EPSS 0.51%phpMyFAQ vulnerable to Cross-site Scripting
Published: 10/19/2022Modified: 11/8/2023
Also known as:GHSA-6rj8-9cm9-6gff
Description
phpMyFAQ versions 3.1.7 and prior are vulnerable to stored cross-site scripting (XSS). A patch is available on the `main` branch of the repository and anticipated to be part of version 3.2.0-alpha.
Affected packages (2)
- Packagist/phpmyfaq/phpmyfaqfrom 0, < 3.2.0-alpha
- Packagist/thorsten/phpmyfaqfrom 0, < 3.2.0-alpha
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.4 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H |