phpMyFAQ Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2024-28106 - Vulnerability Database

phpMyFAQ

phpMyFAQ Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2024-28106

Medium

Reference: CVE-2024-28106

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2024-28106

Title: phpMyFAQ Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

phpMyFAQ is an open source FAQ web application for PHP 8.1 and MySQL PostgreSQL and other databases. By manipulating the news parameter in a POST request an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page the XSS payload triggers. This vulnerability is fixed in 3.2.6.