Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
phpMyFAQ Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2024-27300 - Vulnerability Database
phpMyFAQ

phpMyFAQ Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2024-27300

Medium
Reference: CVE-2024-27300
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2024-27300
Title: phpMyFAQ Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

phpMyFAQ is an open source FAQ web application for PHP 8.1 and MySQL PostgreSQL and other databases. The email field in phpMyFAQ39s user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP39s FILTER_VALIDATE_EMAIL function which only validates the email format not its content. This vulnerability enables an attacker to execute arbitrary client-side JavaScript within the context of another user39s phpMyFAQ session. This vulnerability is fixed in 3.2.6.