CVE-2023-1885: fix: added missing conversion to HTML entities · thorsten/phpMyFAQ@fecc803
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
@@ -21,6 +21,7 @@
use phpMyFAQ\Category\CategoryRelation;
use phpMyFAQ\Database;
use phpMyFAQ\Filter;
use phpMyFAQ\Strings;
if (!defined(‘IS_VALID_PHPMYFAQ’)) {
http_response_code(400);
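Review bot: the new `use phpMyFAQ\Strings;` import is only needed because `Strings::htmlentities()` is called further down; confirm that helper encodes single and double quotes as well as `<`, `>` and `&` (the equivalent of PHP's `ENT_QUOTES` flag), since the category name is displayed in places where an attribute context is plausible and a `<`/`>`-only encoder would not cover it.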
@@ -319,9 +320,10 @@
foreach ($category->getCategoryTree() as $id => $cat) {
// CategoryHelper translated in this language?
if ($cat[‘lang’] == $lang) {
$categoryName = $cat[‘name’];
$categoryName = Strings::htmlentities($cat[‘name’]);
} else {
$categoryName = $cat[‘name’] . ' (' . $languageCodes[strtoupper($cat[‘lang’])] . ')';
$categoryName = Strings::htmlentities($cat[‘name’]) .
' (' . $languageCodes[strtoupper($cat[‘lang’])] . ')';
}
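Review bot: in the `else` branch only `$cat['name']` is passed through `Strings::htmlentities()`, while the appended `$languageCodes[strtoupper($cat['lang'])]` label is concatenated unencoded; if that table is static the result is still safe, but encoding the whole assembled string (or the label too) keeps the branch consistent and removes the need to reason about where `$languageCodes` comes from. Also note that the encoding happens where `$categoryName` is built, so any other place that reads `$cat['name']` directly stays unencoded; a follow-up that encodes at the templating/output layer would close that class of issue rather than this one call site.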
Related news
thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input in the `category field name` parameter. This has been fixed in 3.1.12.
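The defect described above is a missing output encoding step for a user-controlled category name. The following is an added example, not phpMyFAQ's own code, that rebuilds the display-name logic from the commit with PHP's built-in `htmlentities()` standing in for `phpMyFAQ\Strings::htmlentities()` (an assumption; the project helper's exact flags are not shown on the page), and runs it over a constructed category containing markup so the pre-fix and post-fix output can be compared side by side. The function names `encodeForHtml` and `categoryDisplayName` are illustrative, not identifiers from the project.

```php
<?php
// Added example (not phpMyFAQ code): output-encode a stored category name
// before it is rendered, mirroring the logic in the patched foreach loop.
declare(strict_types=1);

function encodeForHtml(string $value): string
{
    // ENT_QUOTES escapes both ' and " so the value is also safe inside attributes;
    // ENT_SUBSTITUTE avoids returning an empty string on invalid UTF-8.
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Builds the display name the way the fixed code does: the user-controlled
 * name is always encoded, and a language suffix is appended when the category
 * is not stored in the requested language. The suffix is encoded as well so
 * the branch does not depend on the contents of $languageCodes being inert.
 */
function categoryDisplayName(array $cat, string $lang, array $languageCodes): string
{
    $name = encodeForHtml($cat['name']);
    if ($cat['lang'] === $lang) {
        return $name;
    }
    $code = strtoupper($cat['lang']);
    // Unknown codes fall back to the code itself instead of an undefined-index notice.
    $label = $languageCodes[$code] ?? $code;
    return $name . ' (' . encodeForHtml($label) . ')';
}

// Constructed sample data: one stored name carries script markup, one carries quotes.
$categories = [
    1 => ['lang' => 'en', 'name' => 'Billing <script>alert(1)</script>'],
    2 => ['lang' => 'de', 'name' => 'Abrechnung "Test"'],
];
$languageCodes = ['EN' => 'English', 'DE' => 'German'];

foreach ($categories as $id => $cat) {
    $unencoded = $cat['name'];                               // what the pre-3.1.12 code emitted
    $encoded   = categoryDisplayName($cat, 'en', $languageCodes); // what the fix emits
    printf("%d before: %s\n%d after:  %s\n\n", $id, $unencoded, $id, $encoded);
}
```

Run with `php example.php`: the "after" lines show `&lt;script&gt;` and `&quot;` as literal text, which a browser renders as characters rather than interpreting as markup. Encoding at the point of output rather than at storage is what makes the fix robust, since the same stored value may be rendered in several contexts.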