CVE-2023-3469
MEDIUM5.2EPSS 0.18%phpMyFAQ Cross-site Scripting
發布日:2023/6/30修改日:2024/2/16
描述
phpMyFAQ prior to 3.2.0-beta.2 contains a cross-site scripting vulnerability. When an administrator restores a backup from a file, it's possible to trigger an error with a specially crafted file that can be displayed on the web page. Since the error message contains the invalid part of the file, any JavaScript code in the file is executed.
受影響套件(1)
- Packagist/thorsten/phpmyfaqfrom 0, < 3.2.0-beta.2
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.2 | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N |