Vulnerabilities in thorsten

115 results
CVE-2026-46366 [HIGH] phpMyFAQ - Unauthenticated Information Disclosure via getIdFromSolutionId Permission Bypass (EPSS 0.3%)
CVE-2026-46361 [HIGH] phpMyFAQ - Stored Cross-Site Scripting via raw Filter in search.twig (EPSS 0.2%)
CVE-2026-34729 [MEDIUM] phpMyFAQ: Stored XSS via Regex Bypass in Filter::removeAttributes() (EPSS 0.2%)
CVE-2026-35676 [HIGH] phpMyFAQ - Unauthenticated Password Reset via User Password Update Endpoint (EPSS 0.2%)
CVE-2026-49205 [MEDIUM] phpMyFAQ: Missing userHasPermission() in 4 API write endpoints (CVE-2026-24421 Incomplete Fix) (EPSS 0.2%)
CVE-2025-68951 [MEDIUM] phpMyFAQ has stored XSS in admin "List of users" via display_name HTML entity decoding (html_entity_decode) + Twig |raw (EPSS 0.2%)
CVE-2026-45007 [MEDIUM] phpMyFAQ - Missing Permission Check on 12 Configuration API Endpoints Allows Information Disclosure (EPSS 0.2%)
CVE-2026-46367 [HIGH] phpMyFAQ - Stored XSS via Utils::parseUrl() in Comment Rendering (EPSS 0.2%)
CVE-2026-46359 [HIGH] phpMyFAQ - SQL Injection in CurrentUser::setTokenData via Unescaped OAuth Token Fields (EPSS 0.2%)
CVE-2026-48488 [LOW] phpMyFAQ has Weak Cryptography - SHA1 for Password Hashing (EPSS 0.2%)
CVE-2026-46365 [MEDIUM] phpMyFAQ - Missing Authorization in Tag Deletion Endpoint (EPSS 0.2%)
CVE-2026-34974 [MEDIUM] phpMyFAQ: SVG Sanitizer Bypass via HTML Entity Encoding leads to Stored XSS and Privilege Escalation (EPSS 0.2%)
CVE-2026-45009 [MEDIUM] phpMyFAQ - Insufficient Authorization Check in Admin API Endpoints (EPSS 0.2%)
CVE-2026-46363 [MEDIUM] phpMyFAQ - Stored XSS in FAQ Question/Answer via Encode-Decode Bypass (EPSS 0.2%)
CVE-2026-46360 [MEDIUM] phpMyFAQ - Stored XSS via Entity Decoding Depth Limit Bypass in SVG Sanitizer (EPSS 0.2%)