Security Advisory 2022-07-23

Stored XSS vulnerability in phpMyFAQ

Issued on:

2022-07-23

Software:

phpMyFAQ <= 3.1.5

Risk:

Medium

Platforms:

all

The phpMyFAQ Team has learned of a security issue that have been discovered in phpMyFAQ 3.1.5 and

earlier. phpMyFAQ contains a stored cross-site scripting (XSS) vulnerability.

Description

phpMyFAQ does not implement sufficient checks to avoid stored XSS when saving content in the administration

configuration

Solution

The phpMyFAQ Team has released the new phpMyFAQ version 3.1.6 which fix the vulnerability. All

users of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this latest version.

Workaround

There's no workaround except installing phpMyFAQ 3.1.6.

References

• XSS (Found by jhond0e)

Thanks

The phpMyFAQ teams would like to thank jhond0e for the responsible disclosure of the vulnerability.