Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
phpMyFAQ Stored Cross-site Scripting at File Attachments
Vulnerability Description
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
phpMyFAQ 安全漏洞
Vulnerability Description
phpMyFAQ是Thorsten Rinne个人开发者的一个多语言、完全由数据库驱动的常见问题解答系统。 phpMyFAQ 存在安全漏洞,该漏洞源于具有管理员权限的攻击者可以上传包含没有扩展名的 JS 代码的附件,从而导致跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A