phpMyFAQ Stored XSS at user email

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The `email` field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's `FILTER_VALIDATE_EMAIL` function, which only validates the email format, not its content. This vulnerability enables an attacker to execute arbitrary client-side JavaScript within the context of another user's phpMyFAQ session. This vulnerability is fixed in 3.2.6.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

phpMyFAQ 安全漏洞

phpMyFAQ是Thorsten Rinne个人开发者的一个多语言、完全由数据库驱动的常见问题解答系统。 phpMyFAQ 存在安全漏洞，该漏洞源于 phpMyFAQ 用户控制面板页面中的 email 字段容易受到存储型跨站脚本攻击。

N/A

N/A