thorsten/phpmyfaq
Packagist | 77 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting thorsten/phpmyfaq (page 2 of 2)
- CVE-2023-2550 | MEDIUM | CVSS 4.8 | EG 4.8 | ✓ Fixed in 3.1.13 | 2023-05-05
  vulnerable: 2.10.0-alpha ... 3.1.9 (104 versions)
  Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
- CVE-2023-2752 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 3.2.0-beta | 2023-05-17
  vulnerable: 2.10.0-alpha ... 3.2.0-alpha (111 versions)
  Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.
- CVE-2023-2753 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 3.2.0-beta | 2023-05-17
  vulnerable: 2.10.0-alpha ... 3.2.0-alpha (111 versions)
  Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.
- CVE-2023-2998 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 3.1.14 | 2023-05-31
  vulnerable: 2.10.0-alpha ... 3.1.9 (105 versions)
  Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.
- CVE-2023-2999 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 3.1.14 | 2023-05-31
  vulnerable: 2.10.0-alpha ... 3.1.9 (105 versions)
  Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.
- CVE-2023-3469 | MEDIUM | CVSS 4.8 | EG 4.8 | ✓ Fixed in 3.2.0-beta.2 | 2023-06-30
  vulnerable: 2.10.0-alpha ... 3.2.0-beta (112 versions)
  Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2.
- CVE-2023-4006 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 3.1.16 | 2023-07-31
  vulnerable: 2.10.0-alpha ... 3.1.9 (107 versions)
  Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16.
- CVE-2023-4007 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 3.1.16 | 2023-07-31
  vulnerable: 2.10.0-alpha ... 3.1.9 (107 versions)
  Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16.
- CVE-2023-5227 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 3.1.18 | 2023-09-30
  vulnerable: 2.10.0-alpha ... 3.1.9 (109 versions)
  Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
- CVE-2023-5316 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 3.1.18 | 2023-09-30
  vulnerable: 2.10.0-alpha ... 3.1.9 (109 versions)
  Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
- CVE-2023-5317 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 3.1.18 | 2023-09-30
  vulnerable: 2.10.0-alpha ... 3.1.9 (109 versions)
  Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
- CVE-2023-5319 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 3.1.18 | 2023-09-30
  vulnerable: 2.10.0-alpha ... 3.1.9 (109 versions)
  Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
- CVE-2023-5320 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 3.1.18 | 2023-09-30
  vulnerable: 2.10.0-alpha ... 3.1.9 (109 versions)
  Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
- CVE-2023-5863 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 3.2.2 | 2023-10-31
  vulnerable: 2.10.0-alpha ... 3.2.1 (118 versions)
  Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
- CVE-2023-5864 | MEDIUM | CVSS 4.8 | EG 4.8 | ✓ Fixed in 3.2.1 | 2023-10-31
  vulnerable: 2.10.0-alpha ... 3.2.0-beta.2 (117 versions)
  Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1.
- CVE-2023-5865 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 3.2.2 | 2023-10-31
  vulnerable: 2.10.0-alpha ... 3.2.1 (118 versions)
  Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
- CVE-2023-5866 | MEDIUM | CVSS 5.7 | EG 5.7 | ✓ Fixed in 3.2.1 | 2023-10-31
  vulnerable: 2.10.0-alpha ... 3.2.0-beta.2 (117 versions)
  Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1.
- CVE-2023-5867 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 3.2.2 | 2023-10-31
  vulnerable: 2.10.0-alpha ... 3.2.1 (118 versions)
  Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2.
- CVE-2023-6889 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 3.1.17 | 2023-12-16
  vulnerable: 2.10.0-alpha ... 3.1.9 (108 versions)
  Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.
- CVE-2023-6890 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 3.1.17 | 2023-12-16
  vulnerable: 2.10.0-alpha ... 3.1.9 (108 versions)
  Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.
- CVE-2024-54141 | HIGH | CVSS 8.6 | EG 8.6 | ✓ Fixed in 4.0.0 | 2024-12-06
  vulnerable: 2.10.0-alpha ... 4.0.0-beta.2 (138 versions)
  phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (i.e. PostgreSQL) server's credentials when the connection to the DB fails. This vulnerability is fix…
- CVE-2024-55889 | MEDIUM | CVSS 4.9 | EG 4.9 | ✓ Fixed in 3.2.10 | 2024-12-13
  vulnerable: 2.10.0-alpha ... 3.2.9 (126 versions)
  phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an…
- CVE-2025-59943 | HIGH | CVSS 8.1 | EG 8.1 | ✓ Fixed in 4.0.13 | 2025-10-03
  vulnerable: 4.0.10 ... 4.0.9 (6 versions)
  phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Beca…
- CVE-2025-69200 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 4.0.16 | 2025-12-29
  vulnerable: 2.10.0-alpha ... 4.0.9 (154 versions)
  phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via `POST /api/setup/backup` and then download the generated ZIP from a we…
- CVE-2026-32629 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 4.1.1 | 2026-04-02
  vulnerable: 2.10.0-alpha ... 4.1.0-beta.2 (169 versions)
  phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, an unauthenticated attacker can submit a guest FAQ with an email address that is syntactically valid per RFC 5321 (quoted local part) yet contains raw HTML, for exa…
- CVE-2026-34973 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 4.1.1 | 2026-04-02
  vulnerable: 2.10.0-alpha ... 4.1.0-beta.2 (169 versions)
  phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages() method in phpmyfaq/src/phpMyFAQ/Search.php uses real_escape_string() (via escape()) to sanitize the search term before embedding it in LIKE cla…
- CVE-2026-34974 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 4.1.1 | 2026-04-02
  vulnerable: 2.10.0-alpha ... 4.1.0-beta.2 (169 versions)
  phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the regex-based SVG sanitizer in phpMyFAQ (SvgSanitizer.php) can be bypassed using HTML entity encoding in javascript: URLs within SVG <a href> attributes. Any user wi…