CVE-2024-28106
phpMyFAQ Stored XSS at FAQ News Content
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability is fixed in 3.2.6.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Productos afectados
thorsten · phpMyFAQ¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →