Description

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5.

Remediation

References

CVE-2024-24574

Related Vulnerabilities

phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15732)

CrushFTP Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-18288)

Joomla Improper Input Validation Vulnerability (CVE-2016-8869)

WordPress Plugin Resume Submissions & Job Postings Arbitrary File Upload (2.5.1)

Dolibarr Incorrect Authorization Vulnerability (CVE-2021-37517)

Severity

Medium

Classification

CVE-2024-24574 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities