mirror of
https://github.com/0xMarcio/cve.git
synced 2025-06-19 17:30:12 +00:00
CVE-2024-28106
Description
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability is fixed in 3.2.6.
POC
Reference
- https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r
GitHub
No PoCs found on GitHub currently.