FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyfaq -- multiple vulnerabilities

Affected packages
phpmyfaq < 3.1.10

Details

VuXML ID 005dfb48-990d-11ed-b9d3-589cfc0f81b0
Discovery 2023-01-15
Entry 2023-01-20

phpmyfaq developers report:

phpMyFAQ does not implement sufficient checks to avoid a stored XSS in "Add new question"

phpMyFAQ does not implement sufficient checks to avoid a stored XSS in admin user page

phpMyFAQ does not implement sufficient checks to avoid a stored XSS in FAQ comments

phpMyFAQ does not implement sufficient checks to avoid a blind stored XSS in admin open question page

phpMyFAQ does not implement sufficient checks to avoid a reflected XSS in the admin backend login

phpMyFAQ does not implement sufficient checks to avoid stored XSS on user, category, FAQ, news and configuration admin backend

phpMyFAQ does not implement sufficient checks to avoid weak passwords

References

URL https://huntr.dev/bounties/051d5e20-7fab-4769-bd7d-d986b804bb5a/
URL https://huntr.dev/bounties/82b0b629-c56b-4651-af3f-17f749751857/
URL https://huntr.dev/bounties/83cfed62-af8b-4aaa-94f2-5a33dc0c2d69/
URL https://huntr.dev/bounties/bc27e84b-1f91-4e1b-a78c-944edeba8256/
URL https://huntr.dev/bounties/c03c5925-43ff-450d-9827-2b65a3307ed6/
URL https://huntr.dev/bounties/cbba22f0-89ed-4d01-81ea-744979c8cbde/
URL https://huntr.dev/bounties/eac0a9d7-9721-4191-bef3-d43b0df59c67/
URL https://huntr.dev/bounties/f50ec8d1-cd60-4c2d-9ab8-3711870d83b9/
URL https://huntr.dev/bounties/fac01e9f-e3e5-4985-94ad-59a76485f215/