Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-jph3-3j24-pg3j: thorsten/phpmyfaq vulnerable to DOM cross-site scripting (XSS) via configuration privacy note URL parameter

thorsten/phpmyfaq prior to 3.1.12 is vulnerable to DOM cross-site scripting (XSS) because it fails to sanitize user input in the configuration privacy note URL parameter. This has been fixed in 3.1.12.

ghsa
Open in Source
#xss#git#php

thorsten/phpmyfaq vulnerable to DOM cross-site scripting (XSS) via configuration privacy note URL parameter

High severity GitHub Reviewed Published Apr 5, 2023 to the GitHub Advisory Database • Updated Apr 6, 2023

Related news

CVE-2023-1882: fix: added missing conversion to HTML entities · thorsten/phpMyFAQ@49db615

Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

ghsa: Latest News

GHSA-cjgq-5qmw-rcj6: keras Path Traversal vulnerability
ghsa