Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/593055?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/593055?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.0-alpha", "type": "composer", "namespace": "thorsten", "name": "phpmyfaq", "version": "3.1.0-alpha", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.1.3", "latest_non_vulnerable_version": "4.1.3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151195?format=api", "vulnerability_id": "VCID-15bx-wfer-qygk", "summary": "Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2429", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.67132", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.67145", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.67146", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.6704", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2429" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://huntr.com/bounties/20d3a0b3-2693-4bf1-b196-10741201a540", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.com/bounties/20d3a0b3-2693-4bf1-b196-10741201a540" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2429", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2429" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/07552f5577ff8b1e6f7cdefafcce9b2a744d3a24", "reference_id": "07552f5577ff8b1e6f7cdefafcce9b2a744d3a24", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L" }, { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T16:57:44Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/07552f5577ff8b1e6f7cdefafcce9b2a744d3a24" }, { "reference_url": "https://huntr.dev/bounties/20d3a0b3-2693-4bf1-b196-10741201a540", "reference_id": "20d3a0b3-2693-4bf1-b196-10741201a540", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L" }, { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T16:57:44Z/" } ], "url": "https://huntr.dev/bounties/20d3a0b3-2693-4bf1-b196-10741201a540" }, { "reference_url": "https://github.com/advisories/GHSA-r69v-q48g-3966", "reference_id": "GHSA-r69v-q48g-3966", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r69v-q48g-3966" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379352?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.13" } ], "aliases": [ "CVE-2023-2429", "GHSA-r69v-q48g-3966" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-15bx-wfer-qygk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/150958?format=api", "vulnerability_id": "VCID-15yp-h3fj-pbb1", "summary": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2427", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47998", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47997", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.48013", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00243", "scoring_system": "epss", "scoring_elements": "0.47856", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2427" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2427", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2427" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/514f4df2ad918e69575028d58b2e33aaf536e59b", "reference_id": "514f4df2ad918e69575028d58b2e33aaf536e59b", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T17:53:09Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/514f4df2ad918e69575028d58b2e33aaf536e59b" }, { "reference_url": "https://huntr.dev/bounties/89005a6d-d019-4cb7-ae88-486d2d44190d", "reference_id": "89005a6d-d019-4cb7-ae88-486d2d44190d", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T17:53:09Z/" } ], "url": "https://huntr.dev/bounties/89005a6d-d019-4cb7-ae88-486d2d44190d" }, { "reference_url": "https://github.com/advisories/GHSA-5xq3-7mw9-wj5p", "reference_id": "GHSA-5xq3-7mw9-wj5p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5xq3-7mw9-wj5p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379352?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.13" } ], "aliases": [ "CVE-2023-2427", "GHSA-5xq3-7mw9-wj5p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-15yp-h3fj-pbb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/133603?format=api", "vulnerability_id": "VCID-1kny-sn17-gbdz", "summary": "Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5320", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00544", "scoring_system": "epss", "scoring_elements": "0.68283", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00544", "scoring_system": "epss", "scoring_elements": "0.68293", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00544", "scoring_system": "epss", "scoring_elements": "0.68295", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00544", "scoring_system": "epss", "scoring_elements": "0.68194", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5320" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5320", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5320" }, { "reference_url": "https://huntr.dev/bounties/3a2bc18b-5932-4fb5-a01e-24b2b0443b67", "reference_id": "3a2bc18b-5932-4fb5-a01e-24b2b0443b67", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:16:32Z/" } ], "url": "https://huntr.dev/bounties/3a2bc18b-5932-4fb5-a01e-24b2b0443b67" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/e92369543959772adcdab4f36c837faa27490346", "reference_id": "e92369543959772adcdab4f36c837faa27490346", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:16:32Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/e92369543959772adcdab4f36c837faa27490346" }, { "reference_url": "https://github.com/advisories/GHSA-pp4w-g5p4-85p2", "reference_id": "GHSA-pp4w-g5p4-85p2", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pp4w-g5p4-85p2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379656?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.18" } ], "aliases": [ "CVE-2023-5320", "GHSA-pp4w-g5p4-85p2" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1kny-sn17-gbdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/133707?format=api", "vulnerability_id": "VCID-1q6p-7t7t-87e5", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5317", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20364", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20539", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.2054", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20562", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5317" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5317", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5317" }, { "reference_url": "https://huntr.dev/bounties/5e146e7c-60c7-498b-9ffe-fd4cb4ca8c54", "reference_id": "5e146e7c-60c7-498b-9ffe-fd4cb4ca8c54", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:17:14Z/" } ], "url": "https://huntr.dev/bounties/5e146e7c-60c7-498b-9ffe-fd4cb4ca8c54" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/ec551bdf1566ede1e55f289888c446f877ad9a83", "reference_id": "ec551bdf1566ede1e55f289888c446f877ad9a83", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:17:14Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/ec551bdf1566ede1e55f289888c446f877ad9a83" }, { "reference_url": "https://github.com/advisories/GHSA-5jwv-m8h3-69cg", "reference_id": "GHSA-5jwv-m8h3-69cg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5jwv-m8h3-69cg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379656?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.18" } ], "aliases": [ "CVE-2023-5317", "GHSA-5jwv-m8h3-69cg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1q6p-7t7t-87e5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68252?format=api", "vulnerability_id": "VCID-1qwx-htn1-4bg8", "summary": "phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captcha endpoint by crafting malicious User-Agent headers to perform time-based blind SQL injection, extracting sensitive data including user credentials, admin tokens, and SMTP credentials from the database.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46364", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.2036", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.07758", "scoring_system": "epss", "scoring_elements": "0.92161", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.07758", "scoring_system": "epss", "scoring_elements": "0.92165", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.07758", "scoring_system": "epss", "scoring_elements": "0.92167", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46364" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46364", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46364" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/commit/b9f25109fddb38eee19987183798638d07943f92", "reference_id": "b9f25109fddb38eee19987183798638d07943f92", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-15T22:11:13Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/commit/b9f25109fddb38eee19987183798638d07943f92" }, { "reference_url": "https://github.com/advisories/GHSA-289f-fq7w-6q2w", "reference_id": "GHSA-289f-fq7w-6q2w", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-289f-fq7w-6q2w" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-289f-fq7w-6q2w", "reference_id": "GHSA-289f-fq7w-6q2w", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-15T22:11:13Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-289f-fq7w-6q2w" }, { "reference_url": "https://www.vulncheck.com/advisories/phpmyfaq-sql-injection-via-user-agent-header-in-builtincaptcha", "reference_id": "phpmyfaq-sql-injection-via-user-agent-header-in-builtincaptcha", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-15T22:11:13Z/" } ], "url": "https://www.vulncheck.com/advisories/phpmyfaq-sql-injection-via-user-agent-header-in-builtincaptcha" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40863?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2" } ], "aliases": [ "CVE-2026-46364", "GHSA-289f-fq7w-6q2w" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1qwx-htn1-4bg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/148438?format=api", "vulnerability_id": "VCID-1rpy-1jkw-w3fx", "summary": "Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0880", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59851", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59854", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59863", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00378", "scoring_system": "epss", "scoring_elements": "0.59743", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0880" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0880", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0880" }, { "reference_url": "https://huntr.dev/bounties/14fc4841-0f5d-4e12-bf9e-1b60d2ac6a6c", "reference_id": "14fc4841-0f5d-4e12-bf9e-1b60d2ac6a6c", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-18T15:56:55Z/" } ], "url": "https://huntr.dev/bounties/14fc4841-0f5d-4e12-bf9e-1b60d2ac6a6c" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/a67dca41576834a1ddfee61b9e799b686b75d4fa", "reference_id": "a67dca41576834a1ddfee61b9e799b686b75d4fa", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-18T15:56:55Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/a67dca41576834a1ddfee61b9e799b686b75d4fa" }, { "reference_url": "https://github.com/advisories/GHSA-f9c6-4j9h-6c5r", "reference_id": "GHSA-f9c6-4j9h-6c5r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f9c6-4j9h-6c5r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380407?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-4ej8-n833-fuf4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8fkr-xfw6-ffcj" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8tff-qn8m-r3hc" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ajev-ydxv-nbd5" }, { "vulnerability": "VCID-aku3-vveb-gugg" }, { "vulnerability": "VCID-b214-zgc8-4qdh" }, { "vulnerability": "VCID-b4yy-mtkz-hybq" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-bfsb-58cj-mfaa" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cjzd-5q9t-nfek" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-gj1u-m1qq-1qb1" }, { "vulnerability": "VCID-gnxm-rq5g-g3d9" }, { "vulnerability": "VCID-gvt4-1vk8-8fbx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-hygm-7h9w-x7cs" }, { "vulnerability": "VCID-kfmg-41jk-qfh6" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-qpnp-kehq-f7gm" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrh1-efbq-tugt" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-spjh-4tvh-gyca" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-tq9d-mguz-8bhp" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yh2p-b5px-b7hz" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.11" } ], "aliases": [ "CVE-2023-0880", "GHSA-f9c6-4j9h-6c5r" ], "risk_score": 3.8, "exploitability": "0.5", "weighted_severity": "7.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1rpy-1jkw-w3fx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/175148?format=api", "vulnerability_id": "VCID-1v6k-n15u-1bcm", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3608", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.668", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.66907", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.66892", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00509", "scoring_system": "epss", "scoring_elements": "0.66906", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3608" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/37123edd50f854bd141e6fbe65221af2d5cf2677", "reference_id": "37123edd50f854bd141e6fbe65221af2d5cf2677", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-08T19:13:51Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/37123edd50f854bd141e6fbe65221af2d5cf2677" }, { "reference_url": "https://huntr.dev/bounties/8f0f3635-9d81-4c55-9826-2ba955c3a850", "reference_id": "8f0f3635-9d81-4c55-9826-2ba955c3a850", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-08T19:13:51Z/" } ], "url": "https://huntr.dev/bounties/8f0f3635-9d81-4c55-9826-2ba955c3a850" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3608", "reference_id": "CVE-2022-3608", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3608" }, { "reference_url": "https://github.com/advisories/GHSA-6rj8-9cm9-6gff", "reference_id": "GHSA-6rj8-9cm9-6gff", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6rj8-9cm9-6gff" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27516?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.2.0-alpha", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.0-alpha" } ], "aliases": [ "CVE-2022-3608", "GHSA-6rj8-9cm9-6gff" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1v6k-n15u-1bcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/133525?format=api", "vulnerability_id": "VCID-2bb7-xtyn-dbcq", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5864", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25589", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25804", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25787", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5864" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5864", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5864" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/b3e5a053b59dcc072d76a55d6ce0311ea30174fa", "reference_id": "b3e5a053b59dcc072d76a55d6ce0311ea30174fa", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-17T13:54:56Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/b3e5a053b59dcc072d76a55d6ce0311ea30174fa" }, { "reference_url": "https://huntr.com/bounties/e4b0e8f4-5e06-49d1-832f-5756573623ad", "reference_id": "e4b0e8f4-5e06-49d1-832f-5756573623ad", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-17T13:54:56Z/" } ], "url": "https://huntr.com/bounties/e4b0e8f4-5e06-49d1-832f-5756573623ad" }, { "reference_url": "https://github.com/advisories/GHSA-g5hp-328h-jj98", "reference_id": "GHSA-g5hp-328h-jj98", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g5hp-328h-jj98" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379166?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/379134?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.2" } ], "aliases": [ "CVE-2023-5864", "GHSA-g5hp-328h-jj98" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2bb7-xtyn-dbcq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59507?format=api", "vulnerability_id": "VCID-2bsv-7dt5-6qcu", "summary": "phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an <iframe> element without user interaction or explicit consent. Version 3.2.10 fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55889", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09124", "scoring_system": "epss", "scoring_elements": "0.92857", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.09124", "scoring_system": "epss", "scoring_elements": "0.9288", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.09124", "scoring_system": "epss", "scoring_elements": "0.92881", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55889" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55889", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55889" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52235.txt", "reference_id": "CVE-2024-55889", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52235.txt" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/commit/fa0f7368dc3288eedb1915def64ef8fb270f711d", "reference_id": "fa0f7368dc3288eedb1915def64ef8fb270f711d", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-13T20:42:00Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/commit/fa0f7368dc3288eedb1915def64ef8fb270f711d" }, { "reference_url": "https://github.com/advisories/GHSA-m3r7-8gw7-qwvc", "reference_id": "GHSA-m3r7-8gw7-qwvc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m3r7-8gw7-qwvc" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-m3r7-8gw7-qwvc", "reference_id": "GHSA-m3r7-8gw7-qwvc", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-13T20:42:00Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-m3r7-8gw7-qwvc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372314?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.2.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5ez6-qnbc-nfgb" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.10" } ], "aliases": [ "CVE-2024-55889", "GHSA-m3r7-8gw7-qwvc" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2bsv-7dt5-6qcu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/133715?format=api", "vulnerability_id": "VCID-2wd2-u5mg-suh4", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5867", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25377", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25375", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25392", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25178", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5867" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5867", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5867" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/5310cb8c37dc3a5c5aead0898690b14705c433d3", "reference_id": "5310cb8c37dc3a5c5aead0898690b14705c433d3", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-27T20:32:16Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/5310cb8c37dc3a5c5aead0898690b14705c433d3" }, { "reference_url": "https://huntr.com/bounties/5c09b32e-a041-4a1e-a277-eb3e80967df0", "reference_id": "5c09b32e-a041-4a1e-a277-eb3e80967df0", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-27T20:32:16Z/" } ], "url": "https://huntr.com/bounties/5c09b32e-a041-4a1e-a277-eb3e80967df0" }, { "reference_url": "https://github.com/advisories/GHSA-prrv-r843-4p75", "reference_id": "GHSA-prrv-r843-4p75", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-prrv-r843-4p75" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379134?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.2" } ], "aliases": [ "CVE-2023-5867", "GHSA-prrv-r843-4p75" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2wd2-u5mg-suh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144524?format=api", "vulnerability_id": "VCID-4ej8-n833-fuf4", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1756", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41695", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41687", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41705", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41521", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1756" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1756", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1756" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/ca75f4688a8b0f14d5d0697b9f4b6ea66088f726", "reference_id": "ca75f4688a8b0f14d5d0697b9f4b6ea66088f726", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:43:35Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/ca75f4688a8b0f14d5d0697b9f4b6ea66088f726" }, { "reference_url": "https://huntr.dev/bounties/e495b443-b328-42f5-aed5-d68b929b4cb9", "reference_id": "e495b443-b328-42f5-aed5-d68b929b4cb9", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:43:35Z/" } ], "url": "https://huntr.dev/bounties/e495b443-b328-42f5-aed5-d68b929b4cb9" }, { "reference_url": "https://github.com/advisories/GHSA-8p48-ghv5-7qq7", "reference_id": "GHSA-8p48-ghv5-7qq7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8p48-ghv5-7qq7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36275?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12" } ], "aliases": [ "CVE-2023-1756", "GHSA-8p48-ghv5-7qq7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4ej8-n833-fuf4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/168610?format=api", "vulnerability_id": "VCID-569v-kyhm-6bd7", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.9.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4408", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45443", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45442", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45454", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45294", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4408" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4408", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4408" }, { "reference_url": "https://huntr.dev/bounties/2ec4ddd4-de22-4f2d-ba92-3382b452bfea", "reference_id": "2ec4ddd4-de22-4f2d-ba92-3382b452bfea", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-14T14:44:13Z/" } ], "url": "https://huntr.dev/bounties/2ec4ddd4-de22-4f2d-ba92-3382b452bfea" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/e2ea332a2b5e798f2c39203b2489a2dabe831751", "reference_id": "e2ea332a2b5e798f2c39203b2489a2dabe831751", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-14T14:44:13Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/e2ea332a2b5e798f2c39203b2489a2dabe831751" }, { "reference_url": "https://github.com/advisories/GHSA-rjf6-wj7r-5fj2", "reference_id": "GHSA-rjf6-wj7r-5fj2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rjf6-wj7r-5fj2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/383967?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-1rpy-1jkw-w3fx" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-4ej8-n833-fuf4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8fkr-xfw6-ffcj" }, { "vulnerability": "VCID-8hxw-rvte-33a1" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8tff-qn8m-r3hc" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ajev-ydxv-nbd5" }, { "vulnerability": "VCID-aku3-vveb-gugg" }, { "vulnerability": "VCID-ax4d-t793-8bas" }, { "vulnerability": "VCID-b214-zgc8-4qdh" }, { "vulnerability": "VCID-b4yy-mtkz-hybq" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-bfsb-58cj-mfaa" }, { "vulnerability": "VCID-btr7-sehp-zbac" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cjzd-5q9t-nfek" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-dc77-t7y6-z3ab" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-e6u1-1y99-5khx" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-fnfe-xws9-8bgg" }, { "vulnerability": "VCID-gj1u-m1qq-1qb1" }, { "vulnerability": "VCID-gnxm-rq5g-g3d9" }, { "vulnerability": "VCID-gsjf-hmab-ruew" }, { "vulnerability": "VCID-gvt4-1vk8-8fbx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-hygm-7h9w-x7cs" }, { "vulnerability": "VCID-jq9j-su28-xken" }, { "vulnerability": "VCID-kfmg-41jk-qfh6" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-m9y5-g412-zbeh" }, { "vulnerability": "VCID-mt7j-r561-tubz" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qb4k-vsfg-wycb" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-qpnp-kehq-f7gm" }, { "vulnerability": "VCID-qrn1-cpad-puht" }, { "vulnerability": "VCID-r24s-k7p3-f7e4" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrh1-efbq-tugt" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-spjh-4tvh-gyca" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-tq9d-mguz-8bhp" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-ty89-v3b2-7yf7" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-v4hc-w2g2-63f5" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-x4fs-3h7u-4bbe" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yh2p-b5px-b7hz" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zaaf-n1z8-v7b3" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" }, { "vulnerability": "VCID-zwsu-pwxb-u3h5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.9" } ], "aliases": [ "CVE-2022-4408", "GHSA-rjf6-wj7r-5fj2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-569v-kyhm-6bd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83111?format=api", "vulnerability_id": "VCID-57ev-2w6v-mbbs", "summary": "phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization logic which exposes the /api/setup/backup endpoint to any authenticated user despite their permissions. SetupController.php uses userIsAuthenticated() but does not verify that the requester has configuration/admin permissions. Non-admin users can trigger a configuration backup and retrieve its path. The endpoint only checks authentication, not authorization, and returns a link to the generated ZIP. This issue is fixed in version 4.0.17.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24421", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50491", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50496", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50509", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50358", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24421" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52523.txt", "reference_id": "CVE-2026-24421", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52523.txt" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24421", "reference_id": "CVE-2026-24421", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24421" }, { "reference_url": "https://github.com/advisories/GHSA-wm8h-26fv-mg7g", "reference_id": "GHSA-wm8h-26fv-mg7g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wm8h-26fv-mg7g" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-wm8h-26fv-mg7g", "reference_id": "GHSA-wm8h-26fv-mg7g", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T16:14:22Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-wm8h-26fv-mg7g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/38149?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.0.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/931970?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.0-RC", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.0-RC" } ], "aliases": [ "CVE-2026-24421", "GHSA-wm8h-26fv-mg7g" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-57ev-2w6v-mbbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68191?format=api", "vulnerability_id": "VCID-5pw3-qxh6-6ufr", "summary": "phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId() method that lacks permission filtering, allowing unauthenticated attackers to enumerate restricted FAQ entries and read their titles via the /solution_id_{id}.html endpoint. Attackers can sequentially iterate solution IDs to discover all FAQs including those restricted to specific users or groups, leaking sensitive metadata through redirect Location headers and page canonical links.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46366", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.2355", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23541", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23563", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23355", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46366" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46366", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46366" }, { "reference_url": "https://github.com/advisories/GHSA-99qv-g4x9-mgc3", "reference_id": "GHSA-99qv-g4x9-mgc3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-99qv-g4x9-mgc3" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-99qv-g4x9-mgc3", "reference_id": "GHSA-99qv-g4x9-mgc3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:16:45Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-99qv-g4x9-mgc3" }, { "reference_url": "https://www.vulncheck.com/advisories/phpmyfaq-unauthenticated-information-disclosure-via-getidfromsolutionid-permission-bypass", "reference_id": "phpmyfaq-unauthenticated-information-disclosure-via-getidfromsolutionid-permission-bypass", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:16:45Z/" } ], "url": "https://www.vulncheck.com/advisories/phpmyfaq-unauthenticated-information-disclosure-via-getidfromsolutionid-permission-bypass" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40863?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2" } ], "aliases": [ "CVE-2026-46366", "GHSA-99qv-g4x9-mgc3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5pw3-qxh6-6ufr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102633?format=api", "vulnerability_id": "VCID-5wsg-7979-dqgs", "summary": "phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Successful exploitation can lead to a full compromise of the database, including reading, modifying, or deleting all data, as well as potential remote code execution depending on the database configuration. This issue has been patched in version 4.0.14.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62519", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30546", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.3035", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35551", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35568", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62519" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/compare/4.0.13...4.0.14", "reference_id": "4.0.13...4.0.14", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-17T16:59:03Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/compare/4.0.13...4.0.14" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62519", "reference_id": "CVE-2025-62519", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62519" }, { "reference_url": "https://github.com/advisories/GHSA-fxm2-cmwj-qvx4", "reference_id": "GHSA-fxm2-cmwj-qvx4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fxm2-cmwj-qvx4" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-fxm2-cmwj-qvx4", "reference_id": "GHSA-fxm2-cmwj-qvx4", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-17T16:59:03Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-fxm2-cmwj-qvx4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/35278?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-x8f6-wx6k-f3d5" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.14" } ], "aliases": [ "CVE-2025-62519", "GHSA-fxm2-cmwj-qvx4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5wsg-7979-dqgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83252?format=api", "vulnerability_id": "VCID-6jmj-n5mz-bba8", "summary": "phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below allow an authenticated user without the dlattachment permission to download FAQ attachments due to a incomprehensive permissions check. The presence of a right key is improperly validated as proof of authorization in attachment.php. Additionally, the group and user permission logic contains a flawed conditional expression that may allow unauthorized access. This issue has been fixed in version", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24420", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03833", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03857", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03844", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03854", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24420" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24420", "reference_id": "CVE-2026-24420", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24420" }, { "reference_url": "https://github.com/advisories/GHSA-7p9h-m7m8-vhhv", "reference_id": "GHSA-7p9h-m7m8-vhhv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7p9h-m7m8-vhhv" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7p9h-m7m8-vhhv", "reference_id": "GHSA-7p9h-m7m8-vhhv", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T15:00:41Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7p9h-m7m8-vhhv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/38149?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.0.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/931970?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.0-RC", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.0-RC" } ], "aliases": [ "CVE-2026-24420", "GHSA-7p9h-m7m8-vhhv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6jmj-n5mz-bba8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/133816?format=api", "vulnerability_id": "VCID-6w5z-nvj8-wke8", "summary": "Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5865", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.5547", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55592", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.5559", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55605", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5865" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5865", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5865" }, { "reference_url": "https://huntr.com/bounties/4c4b7395-d9fd-4ca0-98d7-2e20c1249aff", "reference_id": "4c4b7395-d9fd-4ca0-98d7-2e20c1249aff", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T14:18:18Z/" } ], "url": "https://huntr.com/bounties/4c4b7395-d9fd-4ca0-98d7-2e20c1249aff" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/5f43786f52c3d517e7665abd25d534e180e08dc5", "reference_id": "5f43786f52c3d517e7665abd25d534e180e08dc5", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T14:18:18Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/5f43786f52c3d517e7665abd25d534e180e08dc5" }, { "reference_url": "https://github.com/advisories/GHSA-f728-prhw-2g68", "reference_id": "GHSA-f728-prhw-2g68", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f728-prhw-2g68" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379134?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.2" } ], "aliases": [ "CVE-2023-5865", "GHSA-f728-prhw-2g68" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6w5z-nvj8-wke8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68138?format=api", "vulnerability_id": "VCID-7tpb-1avq-zfhu", "summary": "phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in search.twig where result.question and result.answerPreview are rendered with the raw filter, disabling autoescape protection. Attackers with FAQ editor privileges can inject HTML-entity-encoded payloads that bypass html_entity_decode(strip_tags()) processing in SearchController.php, executing arbitrary JavaScript in every visitor's browser context including administrators.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46361", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01334", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01347", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01344", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01337", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46361" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46361", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46361" }, { "reference_url": "https://github.com/advisories/GHSA-pqh6-8fxf-jx22", "reference_id": "GHSA-pqh6-8fxf-jx22", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pqh6-8fxf-jx22" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pqh6-8fxf-jx22", "reference_id": "GHSA-pqh6-8fxf-jx22", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-16T01:17:36Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pqh6-8fxf-jx22" }, { "reference_url": "https://www.vulncheck.com/advisories/phpmyfaq-stored-cross-site-scripting-via-raw-filter-in-search-twig", "reference_id": "phpmyfaq-stored-cross-site-scripting-via-raw-filter-in-search-twig", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-16T01:17:36Z/" } ], "url": "https://www.vulncheck.com/advisories/phpmyfaq-stored-cross-site-scripting-via-raw-filter-in-search-twig" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40863?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2" } ], "aliases": [ "CVE-2026-46361", "GHSA-pqh6-8fxf-jx22" ], "risk_score": 3.7, "exploitability": "0.5", "weighted_severity": "7.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7tpb-1avq-zfhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144366?format=api", "vulnerability_id": "VCID-8fkr-xfw6-ffcj", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1759", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45971", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.46109", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.46116", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.46123", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1759" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1759", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1759" }, { "reference_url": "https://huntr.dev/bounties/e8109aed-d364-4c0c-9545-4de0347b10e1", "reference_id": "e8109aed-d364-4c0c-9545-4de0347b10e1", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:45:28Z/" } ], "url": "https://huntr.dev/bounties/e8109aed-d364-4c0c-9545-4de0347b10e1" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/ecbd8107fe954b6be95dab315862d1caa0b94efa", "reference_id": "ecbd8107fe954b6be95dab315862d1caa0b94efa", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:45:28Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/ecbd8107fe954b6be95dab315862d1caa0b94efa" }, { "reference_url": "https://github.com/advisories/GHSA-4wfc-ghv5-2v7j", "reference_id": "GHSA-4wfc-ghv5-2v7j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4wfc-ghv5-2v7j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36275?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12" } ], "aliases": [ "CVE-2023-1759", "GHSA-4wfc-ghv5-2v7j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8fkr-xfw6-ffcj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/148160?format=api", "vulnerability_id": "VCID-8hxw-rvte-33a1", "summary": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0314", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54594", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54595", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54611", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54469", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0314" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0314", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0314" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/3872e7eac2ddeac182fc1335cc312d1392d56f98", "reference_id": "3872e7eac2ddeac182fc1335cc312d1392d56f98", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:14:16Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/3872e7eac2ddeac182fc1335cc312d1392d56f98" }, { "reference_url": "https://huntr.dev/bounties/eac0a9d7-9721-4191-bef3-d43b0df59c67", "reference_id": "eac0a9d7-9721-4191-bef3-d43b0df59c67", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:14:16Z/" } ], "url": "https://huntr.dev/bounties/eac0a9d7-9721-4191-bef3-d43b0df59c67" }, { "reference_url": "https://github.com/advisories/GHSA-m9xr-8cx7-53pj", "reference_id": "GHSA-m9xr-8cx7-53pj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m9xr-8cx7-53pj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379949?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-1rpy-1jkw-w3fx" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-4ej8-n833-fuf4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8fkr-xfw6-ffcj" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8tff-qn8m-r3hc" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ajev-ydxv-nbd5" }, { "vulnerability": "VCID-aku3-vveb-gugg" }, { "vulnerability": "VCID-ax4d-t793-8bas" }, { "vulnerability": "VCID-b214-zgc8-4qdh" }, { "vulnerability": "VCID-b4yy-mtkz-hybq" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-bfsb-58cj-mfaa" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cjzd-5q9t-nfek" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-e6u1-1y99-5khx" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-gj1u-m1qq-1qb1" }, { "vulnerability": "VCID-gnxm-rq5g-g3d9" }, { "vulnerability": "VCID-gvt4-1vk8-8fbx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-hygm-7h9w-x7cs" }, { "vulnerability": "VCID-jq9j-su28-xken" }, { "vulnerability": "VCID-kfmg-41jk-qfh6" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qb4k-vsfg-wycb" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-qpnp-kehq-f7gm" }, { "vulnerability": "VCID-qrn1-cpad-puht" }, { "vulnerability": "VCID-r24s-k7p3-f7e4" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrh1-efbq-tugt" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-spjh-4tvh-gyca" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-tq9d-mguz-8bhp" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-ty89-v3b2-7yf7" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yh2p-b5px-b7hz" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zaaf-n1z8-v7b3" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" }, { "vulnerability": "VCID-zwsu-pwxb-u3h5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.10" } ], "aliases": [ "CVE-2023-0314", "GHSA-m9xr-8cx7-53pj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8hxw-rvte-33a1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69892?format=api", "vulnerability_id": "VCID-8k51-budg-h3ak", "summary": "phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use userIsAuthenticated() instead of userHasPermission(CONFIGURATION_EDIT). Any authenticated user can enumerate system configuration metadata including permission model, cache backend, mail provider, and translation provider by querying /admin/api/configuration endpoints, violating least privilege access control.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45007", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01073", "published_at": "2026-06-12T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01082", "published_at": "2026-06-14T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.0108", "published_at": "2026-06-13T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01076", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45007" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45007", "reference_id": "CVE-2026-45007", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45007" }, { "reference_url": "https://github.com/advisories/GHSA-rm98-82fr-mcfx", "reference_id": "GHSA-rm98-82fr-mcfx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rm98-82fr-mcfx" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-rm98-82fr-mcfx", "reference_id": "GHSA-rm98-82fr-mcfx", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-16T01:16:25Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-rm98-82fr-mcfx" }, { "reference_url": "https://www.vulncheck.com/advisories/phpmyfaq-missing-permission-check-on-12-configuration-api-endpoints-allows-information-disclosure", "reference_id": "phpmyfaq-missing-permission-check-on-12-configuration-api-endpoints-allows-information-disclosure", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-16T01:16:25Z/" } ], "url": "https://www.vulncheck.com/advisories/phpmyfaq-missing-permission-check-on-12-configuration-api-endpoints-allows-information-disclosure" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40863?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2" } ], "aliases": [ "CVE-2026-45007", "GHSA-rm98-82fr-mcfx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8k51-budg-h3ak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144585?format=api", "vulnerability_id": "VCID-8tff-qn8m-r3hc", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1875", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42388", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.4241", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42223", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42399", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1875" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1875", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1875" }, { "reference_url": "https://huntr.dev/bounties/39715aaf-e798-4c60-97c4-45f4f2cd5c61", "reference_id": "39715aaf-e798-4c60-97c4-45f4f2cd5c61", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T19:36:40Z/" } ], "url": "https://huntr.dev/bounties/39715aaf-e798-4c60-97c4-45f4f2cd5c61" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/dcf7dd43a3412aa951d7087b86a8b917fae2133a", "reference_id": "dcf7dd43a3412aa951d7087b86a8b917fae2133a", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T19:36:40Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/dcf7dd43a3412aa951d7087b86a8b917fae2133a" }, { "reference_url": "https://github.com/advisories/GHSA-ch5w-2994-6h82", "reference_id": "GHSA-ch5w-2994-6h82", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ch5w-2994-6h82" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36275?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12" } ], "aliases": [ "CVE-2023-1875", "GHSA-ch5w-2994-6h82" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8tff-qn8m-r3hc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/150844?format=api", "vulnerability_id": "VCID-8vqk-5ha5-4bae", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2753", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43858", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43847", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.43868", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00211", "scoring_system": "epss", "scoring_elements": "0.4369", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2753" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2753", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2753" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/5401ab75d022932b8d5d7adaa771acf44fed18ba", "reference_id": "5401ab75d022932b8d5d7adaa771acf44fed18ba", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-22T18:09:09Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/5401ab75d022932b8d5d7adaa771acf44fed18ba" }, { "reference_url": "https://huntr.dev/bounties/eca2284d-e81a-4ab8-91bb-7afeca557628", "reference_id": "eca2284d-e81a-4ab8-91bb-7afeca557628", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-22T18:09:09Z/" } ], "url": "https://huntr.dev/bounties/eca2284d-e81a-4ab8-91bb-7afeca557628" }, { "reference_url": "https://github.com/advisories/GHSA-vppq-6ff8-2m8w", "reference_id": "GHSA-vppq-6ff8-2m8w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vppq-6ff8-2m8w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381986?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.2.0-beta", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.0-beta" } ], "aliases": [ "CVE-2023-2753", "GHSA-vppq-6ff8-2m8w" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8vqk-5ha5-4bae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/359189?format=api", "vulnerability_id": "VCID-9mx6-54u5-fugf", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34974", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.127", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.1279", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12799", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12781", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34974" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-5crx-pfhq-4hgg", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-5crx-pfhq-4hgg" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34974", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34974" }, { "reference_url": "https://github.com/advisories/GHSA-5crx-pfhq-4hgg", "reference_id": "GHSA-5crx-pfhq-4hgg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5crx-pfhq-4hgg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373289?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-426v-vz22-nqem" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-n3tn-cpf3-5qe2" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.1" } ], "aliases": [ "CVE-2026-34974", "GHSA-5crx-pfhq-4hgg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9mx6-54u5-fugf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144270?format=api", "vulnerability_id": "VCID-ajev-ydxv-nbd5", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1879", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49915", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49901", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49896", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49759", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1879" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/commit/a2642195e9fcb9a6f151bfaa4ff20bf1b905da2e", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ/commit/a2642195e9fcb9a6f151bfaa4ff20bf1b905da2e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1879", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1879" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/0dc8e527c375007cd4b8dbf61f7167393a6f6e91", "reference_id": "0dc8e527c375007cd4b8dbf61f7167393a6f6e91", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:39:54Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/0dc8e527c375007cd4b8dbf61f7167393a6f6e91" }, { "reference_url": "https://huntr.dev/bounties/1dc7f818-c8ea-4f80-b000-31b48a426334", "reference_id": "1dc7f818-c8ea-4f80-b000-31b48a426334", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:39:54Z/" } ], "url": "https://huntr.dev/bounties/1dc7f818-c8ea-4f80-b000-31b48a426334" }, { "reference_url": "https://github.com/advisories/GHSA-m9qm-m5w5-9pgj", "reference_id": "GHSA-m9qm-m5w5-9pgj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m9qm-m5w5-9pgj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36275?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12" } ], "aliases": [ "CVE-2023-1879", "GHSA-m9qm-m5w5-9pgj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ajev-ydxv-nbd5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144870?format=api", "vulnerability_id": "VCID-aku3-vveb-gugg", "summary": "Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1886", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01116", "scoring_system": "epss", "scoring_elements": "0.78689", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01116", "scoring_system": "epss", "scoring_elements": "0.78685", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01116", "scoring_system": "epss", "scoring_elements": "0.78672", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01116", "scoring_system": "epss", "scoring_elements": "0.78606", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1886" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1886", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1886" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/27eaaae16850694634ac52416a0bd38b35d7330a", "reference_id": "27eaaae16850694634ac52416a0bd38b35d7330a", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:47:06Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/27eaaae16850694634ac52416a0bd38b35d7330a" }, { "reference_url": "https://huntr.dev/bounties/b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a", "reference_id": "b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:47:06Z/" } ], "url": "https://huntr.dev/bounties/b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a" }, { "reference_url": "https://github.com/advisories/GHSA-4cr4-x82x-hwm9", "reference_id": "GHSA-4cr4-x82x-hwm9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4cr4-x82x-hwm9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36275?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12" } ], "aliases": [ "CVE-2023-1886", "GHSA-4cr4-x82x-hwm9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aku3-vveb-gugg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/148546?format=api", "vulnerability_id": "VCID-ax4d-t793-8bas", "summary": "Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0786", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.62484", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.62491", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.62496", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.62383", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0786" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0786", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0786" }, { "reference_url": "https://huntr.dev/bounties/8c74ccab-0d1d-4c6b-a0fa-803aa65de04f", "reference_id": "8c74ccab-0d1d-4c6b-a0fa-803aa65de04f", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-24T17:47:29Z/" } ], "url": "https://huntr.dev/bounties/8c74ccab-0d1d-4c6b-a0fa-803aa65de04f" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/ce676eb9e9d8cb7864f36ee124e838b1ad15415f", "reference_id": "ce676eb9e9d8cb7864f36ee124e838b1ad15415f", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-24T17:47:29Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/ce676eb9e9d8cb7864f36ee124e838b1ad15415f" }, { "reference_url": "https://github.com/advisories/GHSA-jfpg-jggf-rpph", "reference_id": "GHSA-jfpg-jggf-rpph", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jfpg-jggf-rpph" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380407?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-4ej8-n833-fuf4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8fkr-xfw6-ffcj" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8tff-qn8m-r3hc" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ajev-ydxv-nbd5" }, { "vulnerability": "VCID-aku3-vveb-gugg" }, { "vulnerability": "VCID-b214-zgc8-4qdh" }, { "vulnerability": "VCID-b4yy-mtkz-hybq" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-bfsb-58cj-mfaa" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cjzd-5q9t-nfek" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-gj1u-m1qq-1qb1" }, { "vulnerability": "VCID-gnxm-rq5g-g3d9" }, { "vulnerability": "VCID-gvt4-1vk8-8fbx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-hygm-7h9w-x7cs" }, { "vulnerability": "VCID-kfmg-41jk-qfh6" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-qpnp-kehq-f7gm" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrh1-efbq-tugt" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-spjh-4tvh-gyca" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-tq9d-mguz-8bhp" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yh2p-b5px-b7hz" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.11" } ], "aliases": [ "CVE-2023-0786", "GHSA-jfpg-jggf-rpph" ], "risk_score": 3.8, "exploitability": "0.5", "weighted_severity": "7.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ax4d-t793-8bas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144505?format=api", "vulnerability_id": "VCID-b214-zgc8-4qdh", "summary": "Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1882", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58378", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58495", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.5849", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58506", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1882" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1882", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1882" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/49db615c300ae0f87795f20570f6f5bdccb1d2f2", "reference_id": "49db615c300ae0f87795f20570f6f5bdccb1d2f2", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-10T19:49:38Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/49db615c300ae0f87795f20570f6f5bdccb1d2f2" }, { "reference_url": "https://huntr.dev/bounties/8ab09a1c-cfd5-4ce0-aae3-d33c93318957", "reference_id": "8ab09a1c-cfd5-4ce0-aae3-d33c93318957", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-10T19:49:38Z/" } ], "url": "https://huntr.dev/bounties/8ab09a1c-cfd5-4ce0-aae3-d33c93318957" }, { "reference_url": "https://github.com/advisories/GHSA-jph3-3j24-pg3j", "reference_id": "GHSA-jph3-3j24-pg3j", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jph3-3j24-pg3j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36275?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12" } ], "aliases": [ "CVE-2023-1882", "GHSA-jph3-3j24-pg3j" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b214-zgc8-4qdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144606?format=api", "vulnerability_id": "VCID-b4yy-mtkz-hybq", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1878", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51479", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51492", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51347", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1878" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1878", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1878" }, { "reference_url": "https://huntr.dev/bounties/93f981a3-231d-460d-a239-bb960e8c2fdc", "reference_id": "93f981a3-231d-460d-a239-bb960e8c2fdc", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-10T20:40:29Z/" } ], "url": "https://huntr.dev/bounties/93f981a3-231d-460d-a239-bb960e8c2fdc" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/e018823f8e3bca103c11e5a98b0dd469e41ed417", "reference_id": "e018823f8e3bca103c11e5a98b0dd469e41ed417", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-10T20:40:29Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/e018823f8e3bca103c11e5a98b0dd469e41ed417" }, { "reference_url": "https://github.com/advisories/GHSA-gcmq-7652-x98j", "reference_id": "GHSA-gcmq-7652-x98j", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gcmq-7652-x98j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36275?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12" } ], "aliases": [ "CVE-2023-1878", "GHSA-gcmq-7652-x98j" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b4yy-mtkz-hybq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30801?format=api", "vulnerability_id": "VCID-b64e-gffa-5kg7", "summary": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (ie postgreSQL) server's credential when connection to DB fails. This vulnerability is fixed in 4.0.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-54141", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.60264", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.60258", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.60253", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.60147", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-54141" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "7.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54141", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "7.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54141" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/commit/b9289a0b2233df864361c131cd177b6715fbb0fe", "reference_id": "b9289a0b2233df864361c131cd177b6715fbb0fe", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "7.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T17:10:25Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/commit/b9289a0b2233df864361c131cd177b6715fbb0fe" }, { "reference_url": "https://github.com/advisories/GHSA-vrjr-p3xp-xx2x", "reference_id": "GHSA-vrjr-p3xp-xx2x", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vrjr-p3xp-xx2x" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-vrjr-p3xp-xx2x", "reference_id": "GHSA-vrjr-p3xp-xx2x", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T17:10:25Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-vrjr-p3xp-xx2x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372524?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5ez6-qnbc-nfgb" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.0" } ], "aliases": [ "CVE-2024-54141", "GHSA-vrjr-p3xp-xx2x" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b64e-gffa-5kg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144875?format=api", "vulnerability_id": "VCID-bfsb-58cj-mfaa", "summary": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1758", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51479", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51492", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51347", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1758" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1758", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1758" }, { "reference_url": "https://huntr.dev/bounties/0854328e-eb00-41a3-9573-8da8f00e369c", "reference_id": "0854328e-eb00-41a3-9573-8da8f00e369c", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L" }, { "value": "8.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-10T20:42:37Z/" } ], "url": "https://huntr.dev/bounties/0854328e-eb00-41a3-9573-8da8f00e369c" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/f3380f46c464d1bc6f3ded29213c79be0de8fc57", "reference_id": "f3380f46c464d1bc6f3ded29213c79be0de8fc57", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L" }, { "value": "8.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-10T20:42:37Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/f3380f46c464d1bc6f3ded29213c79be0de8fc57" }, { "reference_url": "https://github.com/advisories/GHSA-3j93-7rf7-p7m6", "reference_id": "GHSA-3j93-7rf7-p7m6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3j93-7rf7-p7m6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36275?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12" } ], "aliases": [ "CVE-2023-1758", "GHSA-3j93-7rf7-p7m6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bfsb-58cj-mfaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/148601?format=api", "vulnerability_id": "VCID-btr7-sehp-zbac", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0312", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00674", "scoring_system": "epss", "scoring_elements": "0.71926", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00674", "scoring_system": "epss", "scoring_elements": "0.7202", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00674", "scoring_system": "epss", "scoring_elements": "0.7201", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00674", "scoring_system": "epss", "scoring_elements": "0.72023", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0312" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0312", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0312" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/65d419ca04111ee2612ae81cdd59753654cfe18a", "reference_id": "65d419ca04111ee2612ae81cdd59753654cfe18a", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:16:33Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/65d419ca04111ee2612ae81cdd59753654cfe18a" }, { "reference_url": "https://huntr.dev/bounties/f50ec8d1-cd60-4c2d-9ab8-3711870d83b9", "reference_id": "f50ec8d1-cd60-4c2d-9ab8-3711870d83b9", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:16:33Z/" } ], "url": "https://huntr.dev/bounties/f50ec8d1-cd60-4c2d-9ab8-3711870d83b9" }, { "reference_url": "https://github.com/advisories/GHSA-6449-vf6p-9hfp", "reference_id": "GHSA-6449-vf6p-9hfp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6449-vf6p-9hfp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379949?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-1rpy-1jkw-w3fx" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-4ej8-n833-fuf4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8fkr-xfw6-ffcj" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8tff-qn8m-r3hc" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ajev-ydxv-nbd5" }, { "vulnerability": "VCID-aku3-vveb-gugg" }, { "vulnerability": "VCID-ax4d-t793-8bas" }, { "vulnerability": "VCID-b214-zgc8-4qdh" }, { "vulnerability": "VCID-b4yy-mtkz-hybq" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-bfsb-58cj-mfaa" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cjzd-5q9t-nfek" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-e6u1-1y99-5khx" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-gj1u-m1qq-1qb1" }, { "vulnerability": "VCID-gnxm-rq5g-g3d9" }, { "vulnerability": "VCID-gvt4-1vk8-8fbx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-hygm-7h9w-x7cs" }, { "vulnerability": "VCID-jq9j-su28-xken" }, { "vulnerability": "VCID-kfmg-41jk-qfh6" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qb4k-vsfg-wycb" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-qpnp-kehq-f7gm" }, { "vulnerability": "VCID-qrn1-cpad-puht" }, { "vulnerability": "VCID-r24s-k7p3-f7e4" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrh1-efbq-tugt" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-spjh-4tvh-gyca" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-tq9d-mguz-8bhp" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-ty89-v3b2-7yf7" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yh2p-b5px-b7hz" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zaaf-n1z8-v7b3" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" }, { "vulnerability": "VCID-zwsu-pwxb-u3h5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.10" } ], "aliases": [ "CVE-2023-0312", "GHSA-6449-vf6p-9hfp" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-btr7-sehp-zbac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151162?format=api", "vulnerability_id": "VCID-c229-su7g-v3dg", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2550", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45971", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.46109", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.46116", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.46123", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2550" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2550", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2550" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/20ac51594db11604a4518aacc28a51f67d4f11bf", "reference_id": "20ac51594db11604a4518aacc28a51f67d4f11bf", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L" }, { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T17:14:20Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/20ac51594db11604a4518aacc28a51f67d4f11bf" }, { "reference_url": "https://huntr.dev/bounties/840c8d91-c97e-4116-a9f8-4ab1a38d239b", "reference_id": "840c8d91-c97e-4116-a9f8-4ab1a38d239b", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L" }, { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T17:14:20Z/" } ], "url": "https://huntr.dev/bounties/840c8d91-c97e-4116-a9f8-4ab1a38d239b" }, { "reference_url": "https://github.com/advisories/GHSA-5mf7-p346-7rm8", "reference_id": "GHSA-5mf7-p346-7rm8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5mf7-p346-7rm8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379352?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.13" } ], "aliases": [ "CVE-2023-2550", "GHSA-5mf7-p346-7rm8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c229-su7g-v3dg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144899?format=api", "vulnerability_id": "VCID-cjzd-5q9t-nfek", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1760", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.5517", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.55167", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.55183", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.55045", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1760" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1760", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1760" }, { "reference_url": "https://huntr.dev/bounties/2d0ac48a-490d-4548-8d98-7447042dd1b5", "reference_id": "2d0ac48a-490d-4548-8d98-7447042dd1b5", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-11T18:44:48Z/" } ], "url": "https://huntr.dev/bounties/2d0ac48a-490d-4548-8d98-7447042dd1b5" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/56295b54062a284020fccce12a5044f9fa7d2770", "reference_id": "56295b54062a284020fccce12a5044f9fa7d2770", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-11T18:44:48Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/56295b54062a284020fccce12a5044f9fa7d2770" }, { "reference_url": "https://github.com/advisories/GHSA-7q9c-f2v8-j8gw", "reference_id": "GHSA-7q9c-f2v8-j8gw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7q9c-f2v8-j8gw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36275?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12" } ], "aliases": [ "CVE-2023-1760", "GHSA-7q9c-f2v8-j8gw" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cjzd-5q9t-nfek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/138201?format=api", "vulnerability_id": "VCID-cnr9-cykp-bbaw", "summary": "phpMyFAQ 3.1.12 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into their profile names. Attackers can modify their user profile name with a payload like 'calc|a!z|' to trigger code execution when an administrator exports user data as a CSV file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-53929", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22218", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.2224", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22228", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22038", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-53929" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "6.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://www.phpmyfaq.de", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "6.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.phpmyfaq.de" }, { "reference_url": "https://www.exploit-db.com/exploits/51399", "reference_id": "51399", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "6.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:48:03Z/" } ], "url": "https://www.exploit-db.com/exploits/51399" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53929", "reference_id": "CVE-2023-53929", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "6.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53929" }, { "reference_url": "https://github.com/advisories/GHSA-x2v3-9p22-w3x6", "reference_id": "GHSA-x2v3-9p22-w3x6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x2v3-9p22-w3x6" }, { "reference_url": "https://www.vulncheck.com/advisories/phpmyfaq-csv-injection-via-user-profile-export", "reference_id": "phpmyfaq-csv-injection-via-user-profile-export", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "6.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:48:03Z/" } ], "url": "https://www.vulncheck.com/advisories/phpmyfaq-csv-injection-via-user-profile-export" }, { "reference_url": "https://www.phpmyfaq.de/", "reference_id": "www.phpmyfaq.de", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "6.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:48:03Z/" } ], "url": "https://www.phpmyfaq.de/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379352?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.13" } ], "aliases": [ "CVE-2023-53929", "GHSA-x2v3-9p22-w3x6" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cnr9-cykp-bbaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/148162?format=api", "vulnerability_id": "VCID-dc77-t7y6-z3ab", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0309", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.481", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.48099", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.48115", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47959", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0309" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0309", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0309" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/376d1d3e5a42edf07260e98461d2fddbee74419b", "reference_id": "376d1d3e5a42edf07260e98461d2fddbee74419b", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:22:09Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/376d1d3e5a42edf07260e98461d2fddbee74419b" }, { "reference_url": "https://huntr.dev/bounties/c03c5925-43ff-450d-9827-2b65a3307ed6", "reference_id": "c03c5925-43ff-450d-9827-2b65a3307ed6", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:22:09Z/" } ], "url": "https://huntr.dev/bounties/c03c5925-43ff-450d-9827-2b65a3307ed6" }, { "reference_url": "https://github.com/advisories/GHSA-25c3-7fvj-v45j", "reference_id": "GHSA-25c3-7fvj-v45j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-25c3-7fvj-v45j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379949?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-1rpy-1jkw-w3fx" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-4ej8-n833-fuf4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8fkr-xfw6-ffcj" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8tff-qn8m-r3hc" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ajev-ydxv-nbd5" }, { "vulnerability": "VCID-aku3-vveb-gugg" }, { "vulnerability": "VCID-ax4d-t793-8bas" }, { "vulnerability": "VCID-b214-zgc8-4qdh" }, { "vulnerability": "VCID-b4yy-mtkz-hybq" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-bfsb-58cj-mfaa" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cjzd-5q9t-nfek" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-e6u1-1y99-5khx" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-gj1u-m1qq-1qb1" }, { "vulnerability": "VCID-gnxm-rq5g-g3d9" }, { "vulnerability": "VCID-gvt4-1vk8-8fbx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-hygm-7h9w-x7cs" }, { "vulnerability": "VCID-jq9j-su28-xken" }, { "vulnerability": "VCID-kfmg-41jk-qfh6" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qb4k-vsfg-wycb" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-qpnp-kehq-f7gm" }, { "vulnerability": "VCID-qrn1-cpad-puht" }, { "vulnerability": "VCID-r24s-k7p3-f7e4" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrh1-efbq-tugt" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-spjh-4tvh-gyca" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-tq9d-mguz-8bhp" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-ty89-v3b2-7yf7" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yh2p-b5px-b7hz" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zaaf-n1z8-v7b3" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" }, { "vulnerability": "VCID-zwsu-pwxb-u3h5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.10" } ], "aliases": [ "CVE-2023-0309", "GHSA-25c3-7fvj-v45j" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dc77-t7y6-z3ab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/175149?format=api", "vulnerability_id": "VCID-e3h4-tm9q-dufz", "summary": "Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3754", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00921", "scoring_system": "epss", "scoring_elements": "0.76511", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00921", "scoring_system": "epss", "scoring_elements": "0.76506", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00921", "scoring_system": "epss", "scoring_elements": "0.76427", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00921", "scoring_system": "epss", "scoring_elements": "0.76497", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3754" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3754", "reference_id": "CVE-2022-3754", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3754" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea", "reference_id": "d7a87d2646287828c70401ca8976ef531fbc77ea", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T19:12:28Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea" }, { "reference_url": "https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47", "reference_id": "f4711d7f-1368-48ab-9bef-45f32e356c47", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T19:12:28Z/" } ], "url": "https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47" }, { "reference_url": "https://github.com/advisories/GHSA-2rr3-rv49-p42f", "reference_id": "GHSA-2rr3-rv49-p42f", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2rr3-rv49-p42f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27673?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-1rpy-1jkw-w3fx" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-4ej8-n833-fuf4" }, { "vulnerability": "VCID-569v-kyhm-6bd7" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8fkr-xfw6-ffcj" }, { "vulnerability": "VCID-8hxw-rvte-33a1" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8tff-qn8m-r3hc" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ajev-ydxv-nbd5" }, { "vulnerability": "VCID-aku3-vveb-gugg" }, { "vulnerability": "VCID-ax4d-t793-8bas" }, { "vulnerability": "VCID-b214-zgc8-4qdh" }, { "vulnerability": "VCID-b4yy-mtkz-hybq" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-bfsb-58cj-mfaa" }, { "vulnerability": "VCID-btr7-sehp-zbac" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cjzd-5q9t-nfek" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-dc77-t7y6-z3ab" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-e6u1-1y99-5khx" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-fnfe-xws9-8bgg" }, { "vulnerability": "VCID-gj1u-m1qq-1qb1" }, { "vulnerability": "VCID-gnxm-rq5g-g3d9" }, { "vulnerability": "VCID-gsjf-hmab-ruew" }, { "vulnerability": "VCID-gvt4-1vk8-8fbx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-hygm-7h9w-x7cs" }, { "vulnerability": "VCID-jq9j-su28-xken" }, { "vulnerability": "VCID-kfmg-41jk-qfh6" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-m9y5-g412-zbeh" }, { "vulnerability": "VCID-mt7j-r561-tubz" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qb4k-vsfg-wycb" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-qpnp-kehq-f7gm" }, { "vulnerability": "VCID-qrn1-cpad-puht" }, { "vulnerability": "VCID-r24s-k7p3-f7e4" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrh1-efbq-tugt" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-spjh-4tvh-gyca" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-tq9d-mguz-8bhp" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-ty89-v3b2-7yf7" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-v4hc-w2g2-63f5" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-x4fs-3h7u-4bbe" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-ygjv-jn67-p3h9" }, { "vulnerability": "VCID-yh2p-b5px-b7hz" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zaaf-n1z8-v7b3" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" }, { "vulnerability": "VCID-ztw9-5sne-p3e9" }, { "vulnerability": "VCID-zwsu-pwxb-u3h5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.8" } ], "aliases": [ "CVE-2022-3754", "GHSA-2rr3-rv49-p42f" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e3h4-tm9q-dufz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/133764?format=api", "vulnerability_id": "VCID-e4ep-gxfy-jbah", "summary": "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5866", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08249", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0828", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08286", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08282", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5866" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5866", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5866" }, { "reference_url": "https://huntr.com/bounties/ec44bcba-ae7f-497a-851e-8165ecf56945", "reference_id": "ec44bcba-ae7f-497a-851e-8165ecf56945", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T19:56:51Z/" } ], "url": "https://huntr.com/bounties/ec44bcba-ae7f-497a-851e-8165ecf56945" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/fdacff14acd5e69841068f0e32b59e2d1b1d0d55", "reference_id": "fdacff14acd5e69841068f0e32b59e2d1b1d0d55", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T19:56:51Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/fdacff14acd5e69841068f0e32b59e2d1b1d0d55" }, { "reference_url": "https://github.com/advisories/GHSA-34w4-wrqp-j47g", "reference_id": "GHSA-34w4-wrqp-j47g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-34w4-wrqp-j47g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379166?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.1" } ], "aliases": [ "CVE-2023-5866", "GHSA-34w4-wrqp-j47g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e4ep-gxfy-jbah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/148562?format=api", "vulnerability_id": "VCID-e6u1-1y99-5khx", "summary": "Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0789", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07757", "scoring_system": "epss", "scoring_elements": "0.92164", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.07757", "scoring_system": "epss", "scoring_elements": "0.9216", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.07757", "scoring_system": "epss", "scoring_elements": "0.92166", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.07757", "scoring_system": "epss", "scoring_elements": "0.92133", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0789" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://huntr.com/bounties/d9375178-2f23-4f5d-88bd-bba3d6ba7cc5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.com/bounties/d9375178-2f23-4f5d-88bd-bba3d6ba7cc5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0789", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0789" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/40515c74815ace394ab23c6c19cbb33fd49059cb", "reference_id": "40515c74815ace394ab23c6c19cbb33fd49059cb", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-21T18:50:05Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/40515c74815ace394ab23c6c19cbb33fd49059cb" }, { "reference_url": "https://huntr.dev/bounties/d9375178-2f23-4f5d-88bd-bba3d6ba7cc5", "reference_id": "d9375178-2f23-4f5d-88bd-bba3d6ba7cc5", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-21T18:50:05Z/" } ], "url": "https://huntr.dev/bounties/d9375178-2f23-4f5d-88bd-bba3d6ba7cc5" }, { "reference_url": "https://github.com/advisories/GHSA-6vp5-vv9p-7q62", "reference_id": "GHSA-6vp5-vv9p-7q62", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6vp5-vv9p-7q62" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380407?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-4ej8-n833-fuf4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8fkr-xfw6-ffcj" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8tff-qn8m-r3hc" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ajev-ydxv-nbd5" }, { "vulnerability": "VCID-aku3-vveb-gugg" }, { "vulnerability": "VCID-b214-zgc8-4qdh" }, { "vulnerability": "VCID-b4yy-mtkz-hybq" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-bfsb-58cj-mfaa" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cjzd-5q9t-nfek" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-gj1u-m1qq-1qb1" }, { "vulnerability": "VCID-gnxm-rq5g-g3d9" }, { "vulnerability": "VCID-gvt4-1vk8-8fbx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-hygm-7h9w-x7cs" }, { "vulnerability": "VCID-kfmg-41jk-qfh6" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-qpnp-kehq-f7gm" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrh1-efbq-tugt" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-spjh-4tvh-gyca" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-tq9d-mguz-8bhp" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yh2p-b5px-b7hz" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.11" } ], "aliases": [ "CVE-2023-0789", "GHSA-6vp5-vv9p-7q62" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e6u1-1y99-5khx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68143?format=api", "vulnerability_id": "VCID-ecpv-3xqn-eqf8", "summary": "phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities() that limits recursive entity decoding to 5 iterations, allowing attackers to bypass sanitization. Authenticated users with FAQ_EDIT permission can upload malicious SVG files with deeply nested ampersand encoding around numeric HTML entities to reconstruct javascript: URLs, which execute arbitrary JavaScript when clicked by other users viewing the uploaded SVG.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46360", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08945", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08939", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08949", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08901", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46360" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46360", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46360" }, { "reference_url": "https://github.com/advisories/GHSA-whqh-9pq5-c7r3", "reference_id": "GHSA-whqh-9pq5-c7r3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-whqh-9pq5-c7r3" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-whqh-9pq5-c7r3", "reference_id": "GHSA-whqh-9pq5-c7r3", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:15:56Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-whqh-9pq5-c7r3" }, { "reference_url": "https://www.vulncheck.com/advisories/phpmyfaq-stored-xss-via-entity-decoding-depth-limit-bypass-in-svg-sanitizer", "reference_id": "phpmyfaq-stored-xss-via-entity-decoding-depth-limit-bypass-in-svg-sanitizer", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:15:56Z/" } ], "url": "https://www.vulncheck.com/advisories/phpmyfaq-stored-xss-via-entity-decoding-depth-limit-bypass-in-svg-sanitizer" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40863?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2" } ], "aliases": [ "CVE-2026-46360", "GHSA-whqh-9pq5-c7r3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ecpv-3xqn-eqf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80126?format=api", "vulnerability_id": "VCID-emzq-e5ru-w3cx", "summary": "phpMyFAQ is an open source FAQ web application. Prior to version 4.0.18, the WebAuthn prepare endpoint (`/api/webauthn/prepare`) creates new active user accounts without any authentication, CSRF protection, captcha, or configuration checks. This allows unauthenticated attackers to create unlimited user accounts even when registration is disabled. Version 4.0.18 fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27836", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19686", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19689", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.19515", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00062", "scoring_system": "epss", "scoring_elements": "0.1971", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27836" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27836", "reference_id": "CVE-2026-27836", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27836" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/commit/f2ab673f0668753cd0f7c7c8bc7fd2304dcf5cb1", "reference_id": "f2ab673f0668753cd0f7c7c8bc7fd2304dcf5cb1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-03T20:24:53Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/commit/f2ab673f0668753cd0f7c7c8bc7fd2304dcf5cb1" }, { "reference_url": "https://github.com/advisories/GHSA-w22q-m2fm-x9f4", "reference_id": "GHSA-w22q-m2fm-x9f4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w22q-m2fm-x9f4" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-w22q-m2fm-x9f4", "reference_id": "GHSA-w22q-m2fm-x9f4", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-03T20:24:53Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-w22q-m2fm-x9f4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39980?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.0.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/931970?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.0-RC", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.0-RC" } ], "aliases": [ "CVE-2026-27836", "GHSA-w22q-m2fm-x9f4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-emzq-e5ru-w3cx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/148289?format=api", "vulnerability_id": "VCID-fnfe-xws9-8bgg", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0310", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.55301", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.55298", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.55314", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00317", "scoring_system": "epss", "scoring_elements": "0.55177", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0310" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0310", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0310" }, { "reference_url": "https://huntr.dev/bounties/051d5e20-7fab-4769-bd7d-d986b804bb5a", "reference_id": "051d5e20-7fab-4769-bd7d-d986b804bb5a", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:20:16Z/" } ], "url": "https://huntr.dev/bounties/051d5e20-7fab-4769-bd7d-d986b804bb5a" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/53099a9bcc928f5f6f7cce111c04b79a72a04142", "reference_id": "53099a9bcc928f5f6f7cce111c04b79a72a04142", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:20:16Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/53099a9bcc928f5f6f7cce111c04b79a72a04142" }, { "reference_url": "https://github.com/advisories/GHSA-9jff-8xmm-mw22", "reference_id": "GHSA-9jff-8xmm-mw22", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9jff-8xmm-mw22" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379949?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-1rpy-1jkw-w3fx" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-4ej8-n833-fuf4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8fkr-xfw6-ffcj" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8tff-qn8m-r3hc" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ajev-ydxv-nbd5" }, { "vulnerability": "VCID-aku3-vveb-gugg" }, { "vulnerability": "VCID-ax4d-t793-8bas" }, { "vulnerability": "VCID-b214-zgc8-4qdh" }, { "vulnerability": "VCID-b4yy-mtkz-hybq" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-bfsb-58cj-mfaa" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cjzd-5q9t-nfek" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-e6u1-1y99-5khx" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-gj1u-m1qq-1qb1" }, { "vulnerability": "VCID-gnxm-rq5g-g3d9" }, { "vulnerability": "VCID-gvt4-1vk8-8fbx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-hygm-7h9w-x7cs" }, { "vulnerability": "VCID-jq9j-su28-xken" }, { "vulnerability": "VCID-kfmg-41jk-qfh6" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qb4k-vsfg-wycb" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-qpnp-kehq-f7gm" }, { "vulnerability": "VCID-qrn1-cpad-puht" }, { "vulnerability": "VCID-r24s-k7p3-f7e4" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrh1-efbq-tugt" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-spjh-4tvh-gyca" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-tq9d-mguz-8bhp" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-ty89-v3b2-7yf7" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yh2p-b5px-b7hz" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zaaf-n1z8-v7b3" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" }, { "vulnerability": "VCID-zwsu-pwxb-u3h5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.10" } ], "aliases": [ "CVE-2023-0310", "GHSA-9jff-8xmm-mw22" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fnfe-xws9-8bgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144353?format=api", "vulnerability_id": "VCID-gj1u-m1qq-1qb1", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1885", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.4241", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42399", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42388", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42223", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1885" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1885", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1885" }, { "reference_url": "https://huntr.dev/bounties/bce84c02-abb2-474f-a67b-1468c9dcabb8", "reference_id": "bce84c02-abb2-474f-a67b-1468c9dcabb8", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:47:30Z/" } ], "url": "https://huntr.dev/bounties/bce84c02-abb2-474f-a67b-1468c9dcabb8" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/fecc803ab9c3e82718c4bcea7fe919d7a22ec024", "reference_id": "fecc803ab9c3e82718c4bcea7fe919d7a22ec024", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:47:30Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/fecc803ab9c3e82718c4bcea7fe919d7a22ec024" }, { "reference_url": "https://github.com/advisories/GHSA-xxm6-ff3x-v4vm", "reference_id": "GHSA-xxm6-ff3x-v4vm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xxm6-ff3x-v4vm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36275?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12" } ], "aliases": [ "CVE-2023-1885", "GHSA-xxm6-ff3x-v4vm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gj1u-m1qq-1qb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144330?format=api", "vulnerability_id": "VCID-gnxm-rq5g-g3d9", "summary": "Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1887", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.5409", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.54221", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.54216", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.54233", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1887" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1887", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1887" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/400d9cd988d3287515c56b2ad6343026966f1a89", "reference_id": "400d9cd988d3287515c56b2ad6343026966f1a89", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H" }, { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:46:37Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/400d9cd988d3287515c56b2ad6343026966f1a89" }, { "reference_url": "https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1", "reference_id": "e4a58835-96b5-412c-a17e-3ceed30231e1", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H" }, { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:46:37Z/" } ], "url": "https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1" }, { "reference_url": "https://github.com/advisories/GHSA-gx43-fqrx-6fcw", "reference_id": "GHSA-gx43-fqrx-6fcw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gx43-fqrx-6fcw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36275?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12" } ], "aliases": [ "CVE-2023-1887", "GHSA-gx43-fqrx-6fcw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gnxm-rq5g-g3d9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/148120?format=api", "vulnerability_id": "VCID-gsjf-hmab-ruew", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0308", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.47959", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.481", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.48099", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00244", "scoring_system": "epss", "scoring_elements": "0.48115", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0308" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0308", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0308" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/810ee26d25c3d97664532861863099952f0e9a1f", "reference_id": "810ee26d25c3d97664532861863099952f0e9a1f", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:23:14Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/810ee26d25c3d97664532861863099952f0e9a1f" }, { "reference_url": "https://huntr.dev/bounties/83cfed62-af8b-4aaa-94f2-5a33dc0c2d69", "reference_id": "83cfed62-af8b-4aaa-94f2-5a33dc0c2d69", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:23:14Z/" } ], "url": "https://huntr.dev/bounties/83cfed62-af8b-4aaa-94f2-5a33dc0c2d69" }, { "reference_url": "https://github.com/advisories/GHSA-w475-749h-c77m", "reference_id": "GHSA-w475-749h-c77m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w475-749h-c77m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379949?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-1rpy-1jkw-w3fx" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-4ej8-n833-fuf4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8fkr-xfw6-ffcj" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8tff-qn8m-r3hc" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ajev-ydxv-nbd5" }, { "vulnerability": "VCID-aku3-vveb-gugg" }, { "vulnerability": "VCID-ax4d-t793-8bas" }, { "vulnerability": "VCID-b214-zgc8-4qdh" }, { "vulnerability": "VCID-b4yy-mtkz-hybq" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-bfsb-58cj-mfaa" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cjzd-5q9t-nfek" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-e6u1-1y99-5khx" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-gj1u-m1qq-1qb1" }, { "vulnerability": "VCID-gnxm-rq5g-g3d9" }, { "vulnerability": "VCID-gvt4-1vk8-8fbx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-hygm-7h9w-x7cs" }, { "vulnerability": "VCID-jq9j-su28-xken" }, { "vulnerability": "VCID-kfmg-41jk-qfh6" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qb4k-vsfg-wycb" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-qpnp-kehq-f7gm" }, { "vulnerability": "VCID-qrn1-cpad-puht" }, { "vulnerability": "VCID-r24s-k7p3-f7e4" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrh1-efbq-tugt" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-spjh-4tvh-gyca" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-tq9d-mguz-8bhp" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-ty89-v3b2-7yf7" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yh2p-b5px-b7hz" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zaaf-n1z8-v7b3" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" }, { "vulnerability": "VCID-zwsu-pwxb-u3h5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.10" } ], "aliases": [ "CVE-2023-0308", "GHSA-w475-749h-c77m" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gsjf-hmab-ruew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144642?format=api", "vulnerability_id": "VCID-gvt4-1vk8-8fbx", "summary": "Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1883", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60967", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.61079", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.61073", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.61081", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1883" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1883", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1883" }, { "reference_url": "https://huntr.dev/bounties/2f1e417d-cf64-4cfb-954b-3a9cb2f38191", "reference_id": "2f1e417d-cf64-4cfb-954b-3a9cb2f38191", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:04Z/" } ], "url": "https://huntr.dev/bounties/2f1e417d-cf64-4cfb-954b-3a9cb2f38191" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/db77df888178766987398597d4f153831c62a503", "reference_id": "db77df888178766987398597d4f153831c62a503", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:04Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/db77df888178766987398597d4f153831c62a503" }, { "reference_url": "https://github.com/advisories/GHSA-2wjp-w7g7-h63q", "reference_id": "GHSA-2wjp-w7g7-h63q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2wjp-w7g7-h63q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36275?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12" } ], "aliases": [ "CVE-2023-1883", "GHSA-2wjp-w7g7-h63q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gvt4-1vk8-8fbx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/151851?format=api", "vulnerability_id": "VCID-h2wj-7wb2-x3hz", "summary": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3469", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.39935", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40116", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40104", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40127", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3469" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3469", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3469" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/04a0183c25dd425f4c2bfb5f75b7650b932ae278", "reference_id": "04a0183c25dd425f4c2bfb5f75b7650b932ae278", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N" }, { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-12T15:03:49Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/04a0183c25dd425f4c2bfb5f75b7650b932ae278" }, { "reference_url": "https://huntr.dev/bounties/3565cfc9-82c4-4db8-9b8f-494dd81b56ca", "reference_id": "3565cfc9-82c4-4db8-9b8f-494dd81b56ca", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N" }, { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-12T15:03:49Z/" } ], "url": "https://huntr.dev/bounties/3565cfc9-82c4-4db8-9b8f-494dd81b56ca" }, { "reference_url": "https://github.com/advisories/GHSA-v6g2-jwrm-h5r5", "reference_id": "GHSA-v6g2-jwrm-h5r5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v6g2-jwrm-h5r5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381806?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.2.0-beta.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.0-beta.2" } ], "aliases": [ "CVE-2023-3469", "GHSA-v6g2-jwrm-h5r5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h2wj-7wb2-x3hz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/175117?format=api", "vulnerability_id": "VCID-h499-pfbv-t7hr", "summary": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3766", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.2358", "scoring_system": "epss", "scoring_elements": "0.96118", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.2358", "scoring_system": "epss", "scoring_elements": "0.9612", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.2358", "scoring_system": "epss", "scoring_elements": "0.96117", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.2358", "scoring_system": "epss", "scoring_elements": "0.96106", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3766" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/c7904f2236c6c0dd64c2226b90c30af0f7e5a72d", "reference_id": "c7904f2236c6c0dd64c2226b90c30af0f7e5a72d", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-05T14:09:19Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/c7904f2236c6c0dd64c2226b90c30af0f7e5a72d" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52445.txt", "reference_id": "CVE-2022-3766", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52445.txt" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3766", "reference_id": "CVE-2022-3766", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3766" }, { "reference_url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-3766.md", "reference_id": "CVE-2022-3766.MD", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-3766.md" }, { "reference_url": "https://huntr.dev/bounties/d9666520-4ff5-43bb-aacf-50c8e5570983", "reference_id": "d9666520-4ff5-43bb-aacf-50c8e5570983", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-05T14:09:19Z/" } ], "url": "https://huntr.dev/bounties/d9666520-4ff5-43bb-aacf-50c8e5570983" }, { "reference_url": "https://github.com/advisories/GHSA-mg5h-rhjq-6v84", "reference_id": "GHSA-mg5h-rhjq-6v84", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mg5h-rhjq-6v84" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27673?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-1rpy-1jkw-w3fx" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-4ej8-n833-fuf4" }, { "vulnerability": "VCID-569v-kyhm-6bd7" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8fkr-xfw6-ffcj" }, { "vulnerability": "VCID-8hxw-rvte-33a1" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8tff-qn8m-r3hc" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ajev-ydxv-nbd5" }, { "vulnerability": "VCID-aku3-vveb-gugg" }, { "vulnerability": "VCID-ax4d-t793-8bas" }, { "vulnerability": "VCID-b214-zgc8-4qdh" }, { "vulnerability": "VCID-b4yy-mtkz-hybq" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-bfsb-58cj-mfaa" }, { "vulnerability": "VCID-btr7-sehp-zbac" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cjzd-5q9t-nfek" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-dc77-t7y6-z3ab" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-e6u1-1y99-5khx" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-fnfe-xws9-8bgg" }, { "vulnerability": "VCID-gj1u-m1qq-1qb1" }, { "vulnerability": "VCID-gnxm-rq5g-g3d9" }, { "vulnerability": "VCID-gsjf-hmab-ruew" }, { "vulnerability": "VCID-gvt4-1vk8-8fbx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-hygm-7h9w-x7cs" }, { "vulnerability": "VCID-jq9j-su28-xken" }, { "vulnerability": "VCID-kfmg-41jk-qfh6" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-m9y5-g412-zbeh" }, { "vulnerability": "VCID-mt7j-r561-tubz" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qb4k-vsfg-wycb" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-qpnp-kehq-f7gm" }, { "vulnerability": "VCID-qrn1-cpad-puht" }, { "vulnerability": "VCID-r24s-k7p3-f7e4" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrh1-efbq-tugt" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-spjh-4tvh-gyca" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-tq9d-mguz-8bhp" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-ty89-v3b2-7yf7" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-v4hc-w2g2-63f5" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-x4fs-3h7u-4bbe" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-ygjv-jn67-p3h9" }, { "vulnerability": "VCID-yh2p-b5px-b7hz" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zaaf-n1z8-v7b3" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" }, { "vulnerability": "VCID-ztw9-5sne-p3e9" }, { "vulnerability": "VCID-zwsu-pwxb-u3h5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.8" } ], "aliases": [ "CVE-2022-3766", "GHSA-mg5h-rhjq-6v84" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h499-pfbv-t7hr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144314?format=api", "vulnerability_id": "VCID-hygm-7h9w-x7cs", "summary": "Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1762", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.58579", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.58695", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.58691", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.58706", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1762" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1762", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1762" }, { "reference_url": "https://huntr.dev/bounties/3c2374cc-7082-44b7-a6a6-ccff7a650a3a", "reference_id": "3c2374cc-7082-44b7-a6a6-ccff7a650a3a", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-12T16:00:40Z/" } ], "url": "https://huntr.dev/bounties/3c2374cc-7082-44b7-a6a6-ccff7a650a3a" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/ae6c1d8c3eab05d6e2227c7a9998707f4f891514", "reference_id": "ae6c1d8c3eab05d6e2227c7a9998707f4f891514", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-12T16:00:40Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/ae6c1d8c3eab05d6e2227c7a9998707f4f891514" }, { "reference_url": "https://github.com/advisories/GHSA-xww4-w6ff-5q3g", "reference_id": "GHSA-xww4-w6ff-5q3g", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xww4-w6ff-5q3g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36275?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12" } ], "aliases": [ "CVE-2023-1762", "GHSA-xww4-w6ff-5q3g" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hygm-7h9w-x7cs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/148474?format=api", "vulnerability_id": "VCID-jq9j-su28-xken", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0791", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.563", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.56298", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.56312", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.56178", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0791" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://huntr.com/bounties/7152b340-c6f3-4ac8-9f62-f764a267488d", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.com/bounties/7152b340-c6f3-4ac8-9f62-f764a267488d" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0791", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0791" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/26663efcb0b67e421e4ecccad8f19e7106bb03ce", "reference_id": "26663efcb0b67e421e4ecccad8f19e7106bb03ce", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-21T18:48:30Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/26663efcb0b67e421e4ecccad8f19e7106bb03ce" }, { "reference_url": "https://huntr.dev/bounties/7152b340-c6f3-4ac8-9f62-f764a267488d", "reference_id": "7152b340-c6f3-4ac8-9f62-f764a267488d", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-21T18:48:30Z/" } ], "url": "https://huntr.dev/bounties/7152b340-c6f3-4ac8-9f62-f764a267488d" }, { "reference_url": "https://github.com/advisories/GHSA-c38p-vw6j-qjpr", "reference_id": "GHSA-c38p-vw6j-qjpr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c38p-vw6j-qjpr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380407?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-4ej8-n833-fuf4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8fkr-xfw6-ffcj" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8tff-qn8m-r3hc" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ajev-ydxv-nbd5" }, { "vulnerability": "VCID-aku3-vveb-gugg" }, { "vulnerability": "VCID-b214-zgc8-4qdh" }, { "vulnerability": "VCID-b4yy-mtkz-hybq" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-bfsb-58cj-mfaa" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cjzd-5q9t-nfek" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-gj1u-m1qq-1qb1" }, { "vulnerability": "VCID-gnxm-rq5g-g3d9" }, { "vulnerability": "VCID-gvt4-1vk8-8fbx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-hygm-7h9w-x7cs" }, { "vulnerability": "VCID-kfmg-41jk-qfh6" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-qpnp-kehq-f7gm" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrh1-efbq-tugt" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-spjh-4tvh-gyca" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-tq9d-mguz-8bhp" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yh2p-b5px-b7hz" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.11" } ], "aliases": [ "CVE-2023-0791", "GHSA-c38p-vw6j-qjpr" ], "risk_score": 3.8, "exploitability": "0.5", "weighted_severity": "7.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jq9j-su28-xken" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144470?format=api", "vulnerability_id": "VCID-kfmg-41jk-qfh6", "summary": "Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1755", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.63486", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.63478", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.6349", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.63376", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1755" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1755", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1755" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/2156573100fd3abf4c65270def77aed20ffc8994", "reference_id": "2156573100fd3abf4c65270def77aed20ffc8994", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-11T18:59:13Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/2156573100fd3abf4c65270def77aed20ffc8994" }, { "reference_url": "https://huntr.dev/bounties/882ffa07-5397-4dbb-886f-4626859d711a", "reference_id": "882ffa07-5397-4dbb-886f-4626859d711a", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-11T18:59:13Z/" } ], "url": "https://huntr.dev/bounties/882ffa07-5397-4dbb-886f-4626859d711a" }, { "reference_url": "https://github.com/advisories/GHSA-hp8m-g55r-9cfq", "reference_id": "GHSA-hp8m-g55r-9cfq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hp8m-g55r-9cfq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36275?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12" } ], "aliases": [ "CVE-2023-1755", "GHSA-hp8m-g55r-9cfq" ], "risk_score": 3.8, "exploitability": "0.5", "weighted_severity": "7.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kfmg-41jk-qfh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/358507?format=api", "vulnerability_id": "VCID-kppj-ng9a-9fhs", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6889", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29793", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29991", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30007", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.2999", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6889" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/1037a8f012e0d9ec4bf4c8107972f6695e381392", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/1037a8f012e0d9ec4bf4c8107972f6695e381392" }, { "reference_url": "https://huntr.com/bounties/52897778-fad7-4169-bf04-a68a0646df0c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.com/bounties/52897778-fad7-4169-bf04-a68a0646df0c" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6889", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6889" }, { "reference_url": "https://github.com/advisories/GHSA-w8xj-992g-842f", "reference_id": "GHSA-w8xj-992g-842f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w8xj-992g-842f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380139?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.17" } ], "aliases": [ "CVE-2023-6889", "GHSA-w8xj-992g-842f" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kppj-ng9a-9fhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/148034?format=api", "vulnerability_id": "VCID-m9y5-g412-zbeh", "summary": "Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0307", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74496", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74507", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74423", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.7451", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0307" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0307", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0307" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/8beed2fca5b0b82c6ba866d0ffd286d0c1fbf596", "reference_id": "8beed2fca5b0b82c6ba866d0ffd286d0c1fbf596", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:25:12Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/8beed2fca5b0b82c6ba866d0ffd286d0c1fbf596" }, { "reference_url": "https://huntr.dev/bounties/fac01e9f-e3e5-4985-94ad-59a76485f215", "reference_id": "fac01e9f-e3e5-4985-94ad-59a76485f215", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:25:12Z/" } ], "url": "https://huntr.dev/bounties/fac01e9f-e3e5-4985-94ad-59a76485f215" }, { "reference_url": "https://github.com/advisories/GHSA-4p88-cfhq-f3vg", "reference_id": "GHSA-4p88-cfhq-f3vg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4p88-cfhq-f3vg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379949?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-1rpy-1jkw-w3fx" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-4ej8-n833-fuf4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8fkr-xfw6-ffcj" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8tff-qn8m-r3hc" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ajev-ydxv-nbd5" }, { "vulnerability": "VCID-aku3-vveb-gugg" }, { "vulnerability": "VCID-ax4d-t793-8bas" }, { "vulnerability": "VCID-b214-zgc8-4qdh" }, { "vulnerability": "VCID-b4yy-mtkz-hybq" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-bfsb-58cj-mfaa" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cjzd-5q9t-nfek" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-e6u1-1y99-5khx" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-gj1u-m1qq-1qb1" }, { "vulnerability": "VCID-gnxm-rq5g-g3d9" }, { "vulnerability": "VCID-gvt4-1vk8-8fbx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-hygm-7h9w-x7cs" }, { "vulnerability": "VCID-jq9j-su28-xken" }, { "vulnerability": "VCID-kfmg-41jk-qfh6" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qb4k-vsfg-wycb" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-qpnp-kehq-f7gm" }, { "vulnerability": "VCID-qrn1-cpad-puht" }, { "vulnerability": "VCID-r24s-k7p3-f7e4" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrh1-efbq-tugt" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-spjh-4tvh-gyca" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-tq9d-mguz-8bhp" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-ty89-v3b2-7yf7" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yh2p-b5px-b7hz" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zaaf-n1z8-v7b3" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" }, { "vulnerability": "VCID-zwsu-pwxb-u3h5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.10" } ], "aliases": [ "CVE-2023-0307", "GHSA-4p88-cfhq-f3vg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m9y5-g412-zbeh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/148591?format=api", "vulnerability_id": "VCID-mt7j-r561-tubz", "summary": "Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0311", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01393", "scoring_system": "epss", "scoring_elements": "0.80793", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01393", "scoring_system": "epss", "scoring_elements": "0.80855", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01393", "scoring_system": "epss", "scoring_elements": "0.80853", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01393", "scoring_system": "epss", "scoring_elements": "0.80863", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0311" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0311", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0311" }, { "reference_url": "https://huntr.dev/bounties/82b0b629-c56b-4651-af3f-17f749751857", "reference_id": "82b0b629-c56b-4651-af3f-17f749751857", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-07T15:18:50Z/" } ], "url": "https://huntr.dev/bounties/82b0b629-c56b-4651-af3f-17f749751857" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/fe6e9f02ef1b26a03134b9becda12687ee5f3214", "reference_id": "fe6e9f02ef1b26a03134b9becda12687ee5f3214", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-07T15:18:50Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/fe6e9f02ef1b26a03134b9becda12687ee5f3214" }, { "reference_url": "https://github.com/advisories/GHSA-g92r-9rxw-cmgx", "reference_id": "GHSA-g92r-9rxw-cmgx", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g92r-9rxw-cmgx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379949?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-1rpy-1jkw-w3fx" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-4ej8-n833-fuf4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8fkr-xfw6-ffcj" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8tff-qn8m-r3hc" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ajev-ydxv-nbd5" }, { "vulnerability": "VCID-aku3-vveb-gugg" }, { "vulnerability": "VCID-ax4d-t793-8bas" }, { "vulnerability": "VCID-b214-zgc8-4qdh" }, { "vulnerability": "VCID-b4yy-mtkz-hybq" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-bfsb-58cj-mfaa" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cjzd-5q9t-nfek" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-e6u1-1y99-5khx" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-gj1u-m1qq-1qb1" }, { "vulnerability": "VCID-gnxm-rq5g-g3d9" }, { "vulnerability": "VCID-gvt4-1vk8-8fbx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-hygm-7h9w-x7cs" }, { "vulnerability": "VCID-jq9j-su28-xken" }, { "vulnerability": "VCID-kfmg-41jk-qfh6" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qb4k-vsfg-wycb" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-qpnp-kehq-f7gm" }, { "vulnerability": "VCID-qrn1-cpad-puht" }, { "vulnerability": "VCID-r24s-k7p3-f7e4" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrh1-efbq-tugt" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-spjh-4tvh-gyca" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-tq9d-mguz-8bhp" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-ty89-v3b2-7yf7" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yh2p-b5px-b7hz" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zaaf-n1z8-v7b3" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" }, { "vulnerability": "VCID-zwsu-pwxb-u3h5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.10" } ], "aliases": [ "CVE-2023-0311", "GHSA-g92r-9rxw-cmgx" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mt7j-r561-tubz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/150990?format=api", "vulnerability_id": "VCID-naqh-qumg-37gh", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2428", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37936", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37949", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37961", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37759", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2428" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://huntr.com/bounties/cee65b6d-b003-4e6a-9d14-89aa94bee43e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.com/bounties/cee65b6d-b003-4e6a-9d14-89aa94bee43e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2428", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2428" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/0a4980d870bac92df945f6d022726c4e3ed584ab", "reference_id": "0a4980d870bac92df945f6d022726c4e3ed584ab", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T16:58:27Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/0a4980d870bac92df945f6d022726c4e3ed584ab" }, { "reference_url": "https://huntr.dev/bounties/cee65b6d-b003-4e6a-9d14-89aa94bee43e", "reference_id": "cee65b6d-b003-4e6a-9d14-89aa94bee43e", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T16:58:27Z/" } ], "url": "https://huntr.dev/bounties/cee65b6d-b003-4e6a-9d14-89aa94bee43e" }, { "reference_url": "https://github.com/advisories/GHSA-8595-6653-96p2", "reference_id": "GHSA-8595-6653-96p2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8595-6653-96p2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379352?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.13" } ], "aliases": [ "CVE-2023-2428", "GHSA-8595-6653-96p2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-naqh-qumg-37gh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83223?format=api", "vulnerability_id": "VCID-p68j-sbvd-yuh4", "summary": "phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly expose sensitive user information due to insufficient access controls. The OpenQuestionController::list() endpoint calls Question::getAll() with showAll=true by default, returning records marked as non-public (isVisible=false) along with user email addresses, with similar exposures present in comment, news, and FAQ APIs. This information disclosure vulnerability could enable attackers to harvest email addresses for phishing campaigns or access content that was explicitly marked as private. This issue has been fixed in version 4.0.17.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24422", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06222", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06194", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06211", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06201", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24422" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24422", "reference_id": "CVE-2026-24422", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24422" }, { "reference_url": "https://github.com/advisories/GHSA-j4rc-96xj-gvqc", "reference_id": "GHSA-j4rc-96xj-gvqc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j4rc-96xj-gvqc" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-j4rc-96xj-gvqc", "reference_id": "GHSA-j4rc-96xj-gvqc", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-26T14:57:47Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-j4rc-96xj-gvqc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/38149?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.0.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/931970?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.0-RC", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.0-RC" } ], "aliases": [ "CVE-2026-24422", "GHSA-j4rc-96xj-gvqc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p68j-sbvd-yuh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/150643?format=api", "vulnerability_id": "VCID-pb65-wunz-tye6", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2999", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58685", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.588", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58797", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58812", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2999" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2999", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2999" }, { "reference_url": "https://huntr.dev/bounties/4d89c7cc-fb4c-4b64-9b67-f0189f70a620", "reference_id": "4d89c7cc-fb4c-4b64-9b67-f0189f70a620", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H" }, { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T16:25:48Z/" } ], "url": "https://huntr.dev/bounties/4d89c7cc-fb4c-4b64-9b67-f0189f70a620" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/937913948cab382a38f681e0bd29c152e2f383cd", "reference_id": "937913948cab382a38f681e0bd29c152e2f383cd", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H" }, { "value": "6.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T16:25:48Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/937913948cab382a38f681e0bd29c152e2f383cd" }, { "reference_url": "https://github.com/advisories/GHSA-94r7-63g8-c4jw", "reference_id": "GHSA-94r7-63g8-c4jw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-94r7-63g8-c4jw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381983?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.14" } ], "aliases": [ "CVE-2023-2999", "GHSA-94r7-63g8-c4jw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pb65-wunz-tye6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74750?format=api", "vulnerability_id": "VCID-q6zp-tnjb-pye3", "summary": "phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages() method in phpmyfaq/src/phpMyFAQ/Search.php uses real_escape_string() (via escape()) to sanitize the search term before embedding it in LIKE clauses. However, real_escape_string() does not escape SQL LIKE metacharacters % (match any sequence) and _ (match any single character). An unauthenticated attacker can inject these wildcards into search queries, causing them to match unintended records — including content that was not meant to be surfaced — resulting in information disclosure. This issue has been patched in version 4.1.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34973", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29774", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29776", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29577", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29792", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34973" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34973", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34973" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/releases/tag/4.1.1", "reference_id": "4.1.1", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T18:23:50Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/releases/tag/4.1.1" }, { "reference_url": "https://github.com/advisories/GHSA-gcp9-5jc8-976x", "reference_id": "GHSA-gcp9-5jc8-976x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gcp9-5jc8-976x" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gcp9-5jc8-976x", "reference_id": "GHSA-gcp9-5jc8-976x", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T18:23:50Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gcp9-5jc8-976x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373289?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-426v-vz22-nqem" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-n3tn-cpf3-5qe2" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.1" } ], "aliases": [ "CVE-2026-34973", "GHSA-gcp9-5jc8-976x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q6zp-tnjb-pye3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/148381?format=api", "vulnerability_id": "VCID-qb4k-vsfg-wycb", "summary": "Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0788", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.61111", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.61105", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.61113", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60999", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0788" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://huntr.com/bounties/808d5452-607c-4af1-812f-26c49faf3e61", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.com/bounties/808d5452-607c-4af1-812f-26c49faf3e61" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0788", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0788" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/77b42b9d0be3990ee7389207a71528b304b03039", "reference_id": "77b42b9d0be3990ee7389207a71528b304b03039", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-21T18:51:00Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/77b42b9d0be3990ee7389207a71528b304b03039" }, { "reference_url": "https://huntr.dev/bounties/808d5452-607c-4af1-812f-26c49faf3e61", "reference_id": "808d5452-607c-4af1-812f-26c49faf3e61", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-21T18:51:00Z/" } ], "url": "https://huntr.dev/bounties/808d5452-607c-4af1-812f-26c49faf3e61" }, { "reference_url": "https://github.com/advisories/GHSA-r6cw-356h-mvwg", "reference_id": "GHSA-r6cw-356h-mvwg", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r6cw-356h-mvwg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380407?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-4ej8-n833-fuf4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8fkr-xfw6-ffcj" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8tff-qn8m-r3hc" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ajev-ydxv-nbd5" }, { "vulnerability": "VCID-aku3-vveb-gugg" }, { "vulnerability": "VCID-b214-zgc8-4qdh" }, { "vulnerability": "VCID-b4yy-mtkz-hybq" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-bfsb-58cj-mfaa" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cjzd-5q9t-nfek" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-gj1u-m1qq-1qb1" }, { "vulnerability": "VCID-gnxm-rq5g-g3d9" }, { "vulnerability": "VCID-gvt4-1vk8-8fbx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-hygm-7h9w-x7cs" }, { "vulnerability": "VCID-kfmg-41jk-qfh6" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-qpnp-kehq-f7gm" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrh1-efbq-tugt" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-spjh-4tvh-gyca" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-tq9d-mguz-8bhp" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yh2p-b5px-b7hz" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.11" } ], "aliases": [ "CVE-2023-0788", "GHSA-r6cw-356h-mvwg" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qb4k-vsfg-wycb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/359156?format=api", "vulnerability_id": "VCID-qhsm-g24v-k7gj", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32629", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41566", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41732", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41751", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.4174", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32629" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-98gw-w575-h2ph", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-98gw-w575-h2ph" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32629", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32629" }, { "reference_url": "https://github.com/advisories/GHSA-98gw-w575-h2ph", "reference_id": "GHSA-98gw-w575-h2ph", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-98gw-w575-h2ph" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373289?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-426v-vz22-nqem" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-n3tn-cpf3-5qe2" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.1" } ], "aliases": [ "CVE-2026-32629", "GHSA-98gw-w575-h2ph" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qhsm-g24v-k7gj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144415?format=api", "vulnerability_id": "VCID-qpnp-kehq-f7gm", "summary": "Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1884", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55623", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55621", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55635", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55501", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1884" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1884", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1884" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/7f0f921de74c88038826c46bbd2a123518d9d611", "reference_id": "7f0f921de74c88038826c46bbd2a123518d9d611", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:48:00Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/7f0f921de74c88038826c46bbd2a123518d9d611" }, { "reference_url": "https://huntr.dev/bounties/dda73cb6-9344-4822-97a1-2e31efb6a73e", "reference_id": "dda73cb6-9344-4822-97a1-2e31efb6a73e", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:48:00Z/" } ], "url": "https://huntr.dev/bounties/dda73cb6-9344-4822-97a1-2e31efb6a73e" }, { "reference_url": "https://github.com/advisories/GHSA-gmjj-g2rm-xwm7", "reference_id": "GHSA-gmjj-g2rm-xwm7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gmjj-g2rm-xwm7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36275?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12" } ], "aliases": [ "CVE-2023-1884", "GHSA-gmjj-g2rm-xwm7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qpnp-kehq-f7gm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/148199?format=api", "vulnerability_id": "VCID-qrn1-cpad-puht", "summary": "Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0790", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.623", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.62294", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.62304", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00417", "scoring_system": "epss", "scoring_elements": "0.62192", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0790" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0790", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0790" }, { "reference_url": "https://huntr.dev/bounties/06af150b-b481-4248-9a48-56ded2814156", "reference_id": "06af150b-b481-4248-9a48-56ded2814156", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:49:20Z/" } ], "url": "https://huntr.dev/bounties/06af150b-b481-4248-9a48-56ded2814156" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/f34d84dfe551ecdd675916e45cc0606e04a0734e", "reference_id": "f34d84dfe551ecdd675916e45cc0606e04a0734e", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:49:20Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/f34d84dfe551ecdd675916e45cc0606e04a0734e" }, { "reference_url": "https://github.com/advisories/GHSA-6vv4-qq3r-9rv8", "reference_id": "GHSA-6vv4-qq3r-9rv8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6vv4-qq3r-9rv8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380407?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-4ej8-n833-fuf4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8fkr-xfw6-ffcj" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8tff-qn8m-r3hc" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ajev-ydxv-nbd5" }, { "vulnerability": "VCID-aku3-vveb-gugg" }, { "vulnerability": "VCID-b214-zgc8-4qdh" }, { "vulnerability": "VCID-b4yy-mtkz-hybq" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-bfsb-58cj-mfaa" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cjzd-5q9t-nfek" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-gj1u-m1qq-1qb1" }, { "vulnerability": "VCID-gnxm-rq5g-g3d9" }, { "vulnerability": "VCID-gvt4-1vk8-8fbx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-hygm-7h9w-x7cs" }, { "vulnerability": "VCID-kfmg-41jk-qfh6" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-qpnp-kehq-f7gm" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrh1-efbq-tugt" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-spjh-4tvh-gyca" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-tq9d-mguz-8bhp" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yh2p-b5px-b7hz" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.11" } ], "aliases": [ "CVE-2023-0790", "GHSA-6vv4-qq3r-9rv8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qrn1-cpad-puht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/148613?format=api", "vulnerability_id": "VCID-r24s-k7p3-f7e4", "summary": "Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0792", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.60269", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.60265", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.60276", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.60158", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0792" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0792", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0792" }, { "reference_url": "https://huntr.dev/bounties/9e21156b-ab1d-4c60-88ef-8c9f3e2feb7f", "reference_id": "9e21156b-ab1d-4c60-88ef-8c9f3e2feb7f", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:47:46Z/" } ], "url": "https://huntr.dev/bounties/9e21156b-ab1d-4c60-88ef-8c9f3e2feb7f" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/d8964568d69488de02f0a0a58acc822eeb5c3cb1", "reference_id": "d8964568d69488de02f0a0a58acc822eeb5c3cb1", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:47:46Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/d8964568d69488de02f0a0a58acc822eeb5c3cb1" }, { "reference_url": "https://github.com/advisories/GHSA-wjrj-jc3w-ppfw", "reference_id": "GHSA-wjrj-jc3w-ppfw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wjrj-jc3w-ppfw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380407?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-4ej8-n833-fuf4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8fkr-xfw6-ffcj" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8tff-qn8m-r3hc" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ajev-ydxv-nbd5" }, { "vulnerability": "VCID-aku3-vveb-gugg" }, { "vulnerability": "VCID-b214-zgc8-4qdh" }, { "vulnerability": "VCID-b4yy-mtkz-hybq" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-bfsb-58cj-mfaa" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cjzd-5q9t-nfek" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-gj1u-m1qq-1qb1" }, { "vulnerability": "VCID-gnxm-rq5g-g3d9" }, { "vulnerability": "VCID-gvt4-1vk8-8fbx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-hygm-7h9w-x7cs" }, { "vulnerability": "VCID-kfmg-41jk-qfh6" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-qpnp-kehq-f7gm" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrh1-efbq-tugt" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-spjh-4tvh-gyca" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-tq9d-mguz-8bhp" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yh2p-b5px-b7hz" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.11" } ], "aliases": [ "CVE-2023-0792", "GHSA-wjrj-jc3w-ppfw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r24s-k7p3-f7e4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/357744?format=api", "vulnerability_id": "VCID-rp5d-6b4k-33g5", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4006", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34239", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34418", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34443", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34422", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4006" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/03946eca488724251eaed8d9d36fed92e6d8fd22", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/03946eca488724251eaed8d9d36fed92e6d8fd22" }, { "reference_url": "https://huntr.dev/bounties/36149a42-cbd5-445e-a371-e351c899b189", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/36149a42-cbd5-445e-a371-e351c899b189" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4006", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4006" }, { "reference_url": "https://github.com/advisories/GHSA-2xvx-368h-qcmv", "reference_id": "GHSA-2xvx-368h-qcmv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2xvx-368h-qcmv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381453?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.16" } ], "aliases": [ "CVE-2023-4006", "GHSA-2xvx-368h-qcmv" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rp5d-6b4k-33g5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144456?format=api", "vulnerability_id": "VCID-rrh1-efbq-tugt", "summary": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1880", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.14326", "scoring_system": "epss", "scoring_elements": "0.94581", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.14326", "scoring_system": "epss", "scoring_elements": "0.94587", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.14326", "scoring_system": "epss", "scoring_elements": "0.94563", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1880" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1880", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1880" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/bbc5d4aa4a4375c14e34dd9fcad2042066fe476d", "reference_id": "bbc5d4aa4a4375c14e34dd9fcad2042066fe476d", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-10T19:50:31Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/bbc5d4aa4a4375c14e34dd9fcad2042066fe476d" }, { "reference_url": "https://huntr.dev/bounties/ece5f051-674e-4919-b998-594714910f9e", "reference_id": "ece5f051-674e-4919-b998-594714910f9e", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-10T19:50:31Z/" } ], "url": "https://huntr.dev/bounties/ece5f051-674e-4919-b998-594714910f9e" }, { "reference_url": "https://github.com/advisories/GHSA-m8q9-7v2f-qjx9", "reference_id": "GHSA-m8q9-7v2f-qjx9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m8q9-7v2f-qjx9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36275?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12" } ], "aliases": [ "CVE-2023-1880", "GHSA-m8q9-7v2f-qjx9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rrh1-efbq-tugt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69871?format=api", "vulnerability_id": "VCID-rrz3-kbbd-eyhq", "summary": "phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the /admin/check endpoint, which accepts arbitrary user-id parameters without session binding or rate limiting. Unauthenticated attackers can brute-force any user's six-digit TOTP code by submitting POST requests with sequential token values, bypassing two-factor authentication to gain full administrative access.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45010", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41229", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.4124", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41249", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41063", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45010" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45010", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45010" }, { "reference_url": "https://github.com/advisories/GHSA-9pq7-mfwh-xx2j", "reference_id": "GHSA-9pq7-mfwh-xx2j", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9pq7-mfwh-xx2j" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9pq7-mfwh-xx2j", "reference_id": "GHSA-9pq7-mfwh-xx2j", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-15T22:11:39Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9pq7-mfwh-xx2j" }, { "reference_url": "https://www.vulncheck.com/advisories/phpmyfaq-unauthenticated-two-factor-authentication-brute-force-via-admin-check-endpoint", "reference_id": "phpmyfaq-unauthenticated-two-factor-authentication-brute-force-via-admin-check-endpoint", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-15T22:11:39Z/" } ], "url": "https://www.vulncheck.com/advisories/phpmyfaq-unauthenticated-two-factor-authentication-brute-force-via-admin-check-endpoint" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40863?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2" } ], "aliases": [ "CVE-2026-45010", "GHSA-9pq7-mfwh-xx2j" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rrz3-kbbd-eyhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144594?format=api", "vulnerability_id": "VCID-spjh-4tvh-gyca", "summary": "Improper Neutralization of Input During Web Page Generation in GitHub repository thorsten/phpmyfaq prior to 3.1.12.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1754", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.54099", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.54229", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.54224", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.54242", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1754" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1754", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1754" }, { "reference_url": "https://huntr.dev/bounties/529f2361-eb2e-476f-b7ef-4e561a712e28", "reference_id": "529f2361-eb2e-476f-b7ef-4e561a712e28", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T19:01:19Z/" } ], "url": "https://huntr.dev/bounties/529f2361-eb2e-476f-b7ef-4e561a712e28" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/d773df925cb74e874527458beed1f66f966ec491", "reference_id": "d773df925cb74e874527458beed1f66f966ec491", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T19:01:19Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/d773df925cb74e874527458beed1f66f966ec491" }, { "reference_url": "https://github.com/advisories/GHSA-gvg8-r8w2-9gfj", "reference_id": "GHSA-gvg8-r8w2-9gfj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gvg8-r8w2-9gfj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36275?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12" } ], "aliases": [ "CVE-2023-1754", "GHSA-gvg8-r8w2-9gfj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-spjh-4tvh-gyca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68194?format=api", "vulnerability_id": "VCID-tpbv-urbk-h7gf", "summary": "phpMyFAQ before 4.1.2 contains a sql injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attackers with Azure AD accounts containing SQL metacharacters in display names or JWT claims can break out of string literals and execute arbitrary database queries.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46359", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.10145", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.10135", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.1015", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.10098", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46359" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46359", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46359" }, { "reference_url": "https://github.com/advisories/GHSA-pm8c-3qq3-72w7", "reference_id": "GHSA-pm8c-3qq3-72w7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pm8c-3qq3-72w7" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pm8c-3qq3-72w7", "reference_id": "GHSA-pm8c-3qq3-72w7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-15T21:12:51Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pm8c-3qq3-72w7" }, { "reference_url": "https://www.vulncheck.com/advisories/phpmyfaq-sql-injection-in-currentuser-settokendata-via-unescaped-oauth-token-fields", "reference_id": "phpmyfaq-sql-injection-in-currentuser-settokendata-via-unescaped-oauth-token-fields", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-15T21:12:51Z/" } ], "url": "https://www.vulncheck.com/advisories/phpmyfaq-sql-injection-in-currentuser-settokendata-via-unescaped-oauth-token-fields" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40863?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2" } ], "aliases": [ "CVE-2026-46359", "GHSA-pm8c-3qq3-72w7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tpbv-urbk-h7gf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144418?format=api", "vulnerability_id": "VCID-tq9d-mguz-8bhp", "summary": "Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1753", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52771", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52753", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52756", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52628", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1753" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1753", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1753" }, { "reference_url": "https://huntr.dev/bounties/01d6ae23-3a8f-42a8-99f4-10246187d71b", "reference_id": "01d6ae23-3a8f-42a8-99f4-10246187d71b", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T19:01:53Z/" } ], "url": "https://huntr.dev/bounties/01d6ae23-3a8f-42a8-99f4-10246187d71b" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/f612a72494080e04947da7028340fee4493fe8a5", "reference_id": "f612a72494080e04947da7028340fee4493fe8a5", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T19:01:53Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/f612a72494080e04947da7028340fee4493fe8a5" }, { "reference_url": "https://github.com/advisories/GHSA-4p4m-5qp7-479x", "reference_id": "GHSA-4p4m-5qp7-479x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4p4m-5qp7-479x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36275?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12" } ], "aliases": [ "CVE-2023-1753", "GHSA-4p4m-5qp7-479x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tq9d-mguz-8bhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69890?format=api", "vulnerability_id": "VCID-txxg-bugj-6bd4", "summary": "phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that allows admins with INSTANCE_DELETE permission to delete arbitrary directories. Attackers can submit traversal sequences like https://../../../<path> in the client URL parameter to recursively delete directories outside the intended clientFolder scope.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45008", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.15496", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.15471", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.15503", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.1536", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45008" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45008", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45008" }, { "reference_url": "https://github.com/advisories/GHSA-gh9p-q46p-57g2", "reference_id": "GHSA-gh9p-q46p-57g2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gh9p-q46p-57g2" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gh9p-q46p-57g2", "reference_id": "GHSA-gh9p-q46p-57g2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T16:05:19Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gh9p-q46p-57g2" }, { "reference_url": "https://www.vulncheck.com/advisories/phpmyfaq-path-traversal-in-client-deleteclientfolder-via-url-parameter", "reference_id": "phpmyfaq-path-traversal-in-client-deleteclientfolder-via-url-parameter", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T16:05:19Z/" } ], "url": "https://www.vulncheck.com/advisories/phpmyfaq-path-traversal-in-client-deleteclientfolder-via-url-parameter" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40863?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2" } ], "aliases": [ "CVE-2026-45008", "GHSA-gh9p-q46p-57g2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-txxg-bugj-6bd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/147996?format=api", "vulnerability_id": "VCID-ty89-v3b2-7yf7", "summary": "Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0793", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00246", "scoring_system": "epss", "scoring_elements": "0.48326", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00246", "scoring_system": "epss", "scoring_elements": "0.48324", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00246", "scoring_system": "epss", "scoring_elements": "0.48341", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00246", "scoring_system": "epss", "scoring_elements": "0.48186", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0793" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0793", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0793" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/00c04093c671607ee06cdfd670070809460f9547", "reference_id": "00c04093c671607ee06cdfd670070809460f9547", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:46:24Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/00c04093c671607ee06cdfd670070809460f9547" }, { "reference_url": "https://huntr.dev/bounties/b3881a1f-2f1e-45cb-86f3-735f66e660e9", "reference_id": "b3881a1f-2f1e-45cb-86f3-735f66e660e9", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:46:24Z/" } ], "url": "https://huntr.dev/bounties/b3881a1f-2f1e-45cb-86f3-735f66e660e9" }, { "reference_url": "https://github.com/advisories/GHSA-fxrq-xhj9-rf5j", "reference_id": "GHSA-fxrq-xhj9-rf5j", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fxrq-xhj9-rf5j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380407?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-4ej8-n833-fuf4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8fkr-xfw6-ffcj" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8tff-qn8m-r3hc" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ajev-ydxv-nbd5" }, { "vulnerability": "VCID-aku3-vveb-gugg" }, { "vulnerability": "VCID-b214-zgc8-4qdh" }, { "vulnerability": "VCID-b4yy-mtkz-hybq" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-bfsb-58cj-mfaa" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cjzd-5q9t-nfek" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-gj1u-m1qq-1qb1" }, { "vulnerability": "VCID-gnxm-rq5g-g3d9" }, { "vulnerability": "VCID-gvt4-1vk8-8fbx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-hygm-7h9w-x7cs" }, { "vulnerability": "VCID-kfmg-41jk-qfh6" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-qpnp-kehq-f7gm" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrh1-efbq-tugt" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-spjh-4tvh-gyca" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-tq9d-mguz-8bhp" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yh2p-b5px-b7hz" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.11" } ], "aliases": [ "CVE-2023-0793", "GHSA-fxrq-xhj9-rf5j" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ty89-v3b2-7yf7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/123709?format=api", "vulnerability_id": "VCID-u37t-naar-pbav", "summary": "phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via `POST /api/setup/backup` and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive configuration files (e.g., `database.php` with database credentials), leading to high-impact information disclosure and potential follow-on compromise. Version 4.0.16 fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-69200", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02669", "scoring_system": "epss", "scoring_elements": "0.86195", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.02669", "scoring_system": "epss", "scoring_elements": "0.86197", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02669", "scoring_system": "epss", "scoring_elements": "0.86186", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.02669", "scoring_system": "epss", "scoring_elements": "0.86136", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-69200" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/commit/b0e99ee3695152115841cb546d8dce64ceb8c29a", "reference_id": "b0e99ee3695152115841cb546d8dce64ceb8c29a", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-29T16:14:22Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/commit/b0e99ee3695152115841cb546d8dce64ceb8c29a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69200", "reference_id": "CVE-2025-69200", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69200" }, { "reference_url": "https://github.com/advisories/GHSA-9cg9-4h4f-j6fg", "reference_id": "GHSA-9cg9-4h4f-j6fg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9cg9-4h4f-j6fg" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9cg9-4h4f-j6fg", "reference_id": "GHSA-9cg9-4h4f-j6fg", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-29T16:14:22Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9cg9-4h4f-j6fg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36384?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.0.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.16" } ], "aliases": [ "CVE-2025-69200", "GHSA-9cg9-4h4f-j6fg" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u37t-naar-pbav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/133846?format=api", "vulnerability_id": "VCID-uerm-mjrz-vyg4", "summary": "Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5227", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00405", "scoring_system": "epss", "scoring_elements": "0.61447", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00405", "scoring_system": "epss", "scoring_elements": "0.61555", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00405", "scoring_system": "epss", "scoring_elements": "0.61551", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00405", "scoring_system": "epss", "scoring_elements": "0.61559", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5227" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5227", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5227" }, { "reference_url": "https://huntr.dev/bounties/a335c013-db75-4120-872c-42059c7100e8", "reference_id": "a335c013-db75-4120-872c-42059c7100e8", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:11:37Z/" } ], "url": "https://huntr.dev/bounties/a335c013-db75-4120-872c-42059c7100e8" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/abf52487422ce47195c8a80bd904a7af39f60297", "reference_id": "abf52487422ce47195c8a80bd904a7af39f60297", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:11:37Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/abf52487422ce47195c8a80bd904a7af39f60297" }, { "reference_url": "https://github.com/advisories/GHSA-qcjg-hvg6-hxcp", "reference_id": "GHSA-qcjg-hvg6-hxcp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qcjg-hvg6-hxcp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379656?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.18" } ], "aliases": [ "CVE-2023-5227", "GHSA-qcjg-hvg6-hxcp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uerm-mjrz-vyg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/133771?format=api", "vulnerability_id": "VCID-ufhy-fdmw-hkdv", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5319", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27028", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27234", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27233", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27252", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5319" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5319", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5319" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/95ed9b20557ed930d4eed1f3a6db713416f31131", "reference_id": "95ed9b20557ed930d4eed1f3a6db713416f31131", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H" }, { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:08:29Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/95ed9b20557ed930d4eed1f3a6db713416f31131" }, { "reference_url": "https://huntr.dev/bounties/e2542cbe-41ab-4a90-b6a4-191884c1834d", "reference_id": "e2542cbe-41ab-4a90-b6a4-191884c1834d", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H" }, { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:08:29Z/" } ], "url": "https://huntr.dev/bounties/e2542cbe-41ab-4a90-b6a4-191884c1834d" }, { "reference_url": "https://github.com/advisories/GHSA-j5ww-5xf4-hqm2", "reference_id": "GHSA-j5ww-5xf4-hqm2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j5ww-5xf4-hqm2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379656?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.18" } ], "aliases": [ "CVE-2023-5319", "GHSA-j5ww-5xf4-hqm2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ufhy-fdmw-hkdv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/148475?format=api", "vulnerability_id": "VCID-v4hc-w2g2-63f5", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0306", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61856", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61855", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61863", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0041", "scoring_system": "epss", "scoring_elements": "0.61754", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0306" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0306", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0306" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/1815daef61c432bb73b9dca43f03d140c94ef0c5", "reference_id": "1815daef61c432bb73b9dca43f03d140c94ef0c5", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-07T17:46:25Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/1815daef61c432bb73b9dca43f03d140c94ef0c5" }, { "reference_url": "https://huntr.dev/bounties/cbba22f0-89ed-4d01-81ea-744979c8cbde", "reference_id": "cbba22f0-89ed-4d01-81ea-744979c8cbde", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-07T17:46:25Z/" } ], "url": "https://huntr.dev/bounties/cbba22f0-89ed-4d01-81ea-744979c8cbde" }, { "reference_url": "https://github.com/advisories/GHSA-96x6-jf5w-84c5", "reference_id": "GHSA-96x6-jf5w-84c5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-96x6-jf5w-84c5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379949?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-1rpy-1jkw-w3fx" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-4ej8-n833-fuf4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8fkr-xfw6-ffcj" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8tff-qn8m-r3hc" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ajev-ydxv-nbd5" }, { "vulnerability": "VCID-aku3-vveb-gugg" }, { "vulnerability": "VCID-ax4d-t793-8bas" }, { "vulnerability": "VCID-b214-zgc8-4qdh" }, { "vulnerability": "VCID-b4yy-mtkz-hybq" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-bfsb-58cj-mfaa" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cjzd-5q9t-nfek" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-e6u1-1y99-5khx" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-gj1u-m1qq-1qb1" }, { "vulnerability": "VCID-gnxm-rq5g-g3d9" }, { "vulnerability": "VCID-gvt4-1vk8-8fbx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-hygm-7h9w-x7cs" }, { "vulnerability": "VCID-jq9j-su28-xken" }, { "vulnerability": "VCID-kfmg-41jk-qfh6" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qb4k-vsfg-wycb" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-qpnp-kehq-f7gm" }, { "vulnerability": "VCID-qrn1-cpad-puht" }, { "vulnerability": "VCID-r24s-k7p3-f7e4" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrh1-efbq-tugt" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-spjh-4tvh-gyca" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-tq9d-mguz-8bhp" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-ty89-v3b2-7yf7" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yh2p-b5px-b7hz" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zaaf-n1z8-v7b3" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" }, { "vulnerability": "VCID-zwsu-pwxb-u3h5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.10" } ], "aliases": [ "CVE-2023-0306", "GHSA-96x6-jf5w-84c5" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v4hc-w2g2-63f5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68157?format=api", "vulnerability_id": "VCID-vjqh-59nn-5ude", "summary": "phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that bypass sanitization through encode-decode cycles. The vulnerability allows authenticated attackers with FAQ_ADD permission to inject malicious script tags via question or answer parameters, which execute in every visitor's browser when FAQ content is rendered with the raw Twig filter.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46363", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08945", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08939", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08949", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08901", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46363" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46363", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46363" }, { "reference_url": "https://github.com/advisories/GHSA-f5p7-2c9q-8896", "reference_id": "GHSA-f5p7-2c9q-8896", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f5p7-2c9q-8896" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-f5p7-2c9q-8896", "reference_id": "GHSA-f5p7-2c9q-8896", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:01:20Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-f5p7-2c9q-8896" }, { "reference_url": "https://www.vulncheck.com/advisories/phpmyfaq-stored-xss-in-faq-question-answer-via-encode-decode-bypass", "reference_id": "phpmyfaq-stored-xss-in-faq-question-answer-via-encode-decode-bypass", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:01:20Z/" } ], "url": "https://www.vulncheck.com/advisories/phpmyfaq-stored-xss-in-faq-question-answer-via-encode-decode-bypass" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40863?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2" } ], "aliases": [ "CVE-2026-46363", "GHSA-f5p7-2c9q-8896" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vjqh-59nn-5ude" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/150684?format=api", "vulnerability_id": "VCID-wcpf-w4c4-ubba", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2752", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0052", "scoring_system": "epss", "scoring_elements": "0.6736", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0052", "scoring_system": "epss", "scoring_elements": "0.67347", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0052", "scoring_system": "epss", "scoring_elements": "0.67361", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0052", "scoring_system": "epss", "scoring_elements": "0.67255", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2752" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2752", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2752" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/e7599d49b0ece7ceef3a4e8d334782cc3df98be8", "reference_id": "e7599d49b0ece7ceef3a4e8d334782cc3df98be8", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-22T17:21:16Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/e7599d49b0ece7ceef3a4e8d334782cc3df98be8" }, { "reference_url": "https://huntr.dev/bounties/efdf5b24-6d30-4d57-a5b0-13b253ba3ea4", "reference_id": "efdf5b24-6d30-4d57-a5b0-13b253ba3ea4", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-22T17:21:16Z/" } ], "url": "https://huntr.dev/bounties/efdf5b24-6d30-4d57-a5b0-13b253ba3ea4" }, { "reference_url": "https://github.com/advisories/GHSA-j657-pjgc-c4h6", "reference_id": "GHSA-j657-pjgc-c4h6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j657-pjgc-c4h6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381986?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.2.0-beta", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.0-beta" } ], "aliases": [ "CVE-2023-2752", "GHSA-j657-pjgc-c4h6" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wcpf-w4c4-ubba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/140178?format=api", "vulnerability_id": "VCID-x1gz-3d4a-1qdy", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4007", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31213", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31405", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31406", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31423", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4007" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4007", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4007" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/40eb9685198128908e83c2bef4c228751fd43a0e", "reference_id": "40eb9685198128908e83c2bef4c228751fd43a0e", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-11T18:40:36Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/40eb9685198128908e83c2bef4c228751fd43a0e" }, { "reference_url": "https://huntr.dev/bounties/e891dcbc-2092-49d3-9518-23e37187a5ea", "reference_id": "e891dcbc-2092-49d3-9518-23e37187a5ea", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-11T18:40:36Z/" } ], "url": "https://huntr.dev/bounties/e891dcbc-2092-49d3-9518-23e37187a5ea" }, { "reference_url": "https://github.com/advisories/GHSA-q9vm-29ph-p7mp", "reference_id": "GHSA-q9vm-29ph-p7mp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q9vm-29ph-p7mp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381453?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.16" } ], "aliases": [ "CVE-2023-4007", "GHSA-q9vm-29ph-p7mp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x1gz-3d4a-1qdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/148250?format=api", "vulnerability_id": "VCID-x4fs-3h7u-4bbe", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0313", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49901", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49896", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49915", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49759", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0313" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0313", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0313" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/1123c0872314fa68d7d0d8136939f62270fb4b7b", "reference_id": "1123c0872314fa68d7d0d8136939f62270fb4b7b", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:15:37Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/1123c0872314fa68d7d0d8136939f62270fb4b7b" }, { "reference_url": "https://huntr.dev/bounties/bc27e84b-1f91-4e1b-a78c-944edeba8256", "reference_id": "bc27e84b-1f91-4e1b-a78c-944edeba8256", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:15:37Z/" } ], "url": "https://huntr.dev/bounties/bc27e84b-1f91-4e1b-a78c-944edeba8256" }, { "reference_url": "https://github.com/advisories/GHSA-x2h8-4mhh-5hwh", "reference_id": "GHSA-x2h8-4mhh-5hwh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x2h8-4mhh-5hwh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379949?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-1rpy-1jkw-w3fx" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-4ej8-n833-fuf4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8fkr-xfw6-ffcj" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8tff-qn8m-r3hc" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ajev-ydxv-nbd5" }, { "vulnerability": "VCID-aku3-vveb-gugg" }, { "vulnerability": "VCID-ax4d-t793-8bas" }, { "vulnerability": "VCID-b214-zgc8-4qdh" }, { "vulnerability": "VCID-b4yy-mtkz-hybq" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-bfsb-58cj-mfaa" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cjzd-5q9t-nfek" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-e6u1-1y99-5khx" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-gj1u-m1qq-1qb1" }, { "vulnerability": "VCID-gnxm-rq5g-g3d9" }, { "vulnerability": "VCID-gvt4-1vk8-8fbx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-hygm-7h9w-x7cs" }, { "vulnerability": "VCID-jq9j-su28-xken" }, { "vulnerability": "VCID-kfmg-41jk-qfh6" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qb4k-vsfg-wycb" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-qpnp-kehq-f7gm" }, { "vulnerability": "VCID-qrn1-cpad-puht" }, { "vulnerability": "VCID-r24s-k7p3-f7e4" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrh1-efbq-tugt" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-spjh-4tvh-gyca" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-tq9d-mguz-8bhp" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-ty89-v3b2-7yf7" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yh2p-b5px-b7hz" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zaaf-n1z8-v7b3" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" }, { "vulnerability": "VCID-zwsu-pwxb-u3h5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.10" } ], "aliases": [ "CVE-2023-0313", "GHSA-x2h8-4mhh-5hwh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x4fs-3h7u-4bbe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/133932?format=api", "vulnerability_id": "VCID-xt5z-y1n5-37fn", "summary": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5863", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06224", "scoring_system": "epss", "scoring_elements": "0.91113", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.06224", "scoring_system": "epss", "scoring_elements": "0.91118", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.06224", "scoring_system": "epss", "scoring_elements": "0.91119", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.06224", "scoring_system": "epss", "scoring_elements": "0.91082", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5863" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5863", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5863" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/97e813dcd2022bd10a8770569a8b02591716365f", "reference_id": "97e813dcd2022bd10a8770569a8b02591716365f", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T17:50:00Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/97e813dcd2022bd10a8770569a8b02591716365f" }, { "reference_url": "https://huntr.com/bounties/fbfd4e84-61fb-4063-8f11-15877b8c1f6f", "reference_id": "fbfd4e84-61fb-4063-8f11-15877b8c1f6f", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T17:50:00Z/" } ], "url": "https://huntr.com/bounties/fbfd4e84-61fb-4063-8f11-15877b8c1f6f" }, { "reference_url": "https://github.com/advisories/GHSA-j4vj-w5rj-8grw", "reference_id": "GHSA-j4vj-w5rj-8grw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j4vj-w5rj-8grw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379134?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.2" } ], "aliases": [ "CVE-2023-5863", "GHSA-j4vj-w5rj-8grw" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xt5z-y1n5-37fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/360347?format=api", "vulnerability_id": "VCID-yckn-74u4-pkaw", "summary": "phpMyFAQ's Missing Authorization on Tag Deletion Allows Any Authenticated User to Delete Tags\n## Summary\n\nThe `TagController::delete()` endpoint at `DELETE /admin/api/content/tags/{tagId}` only verifies that the user is logged in (`userIsAuthenticated()`), but does not check any permission. Any authenticated user — including regular non-admin frontend users — can delete any tag by ID. This contrasts with `TagController::update()` and `TagController::search()`, which both enforce the `FAQ_EDIT` permission.\n\n## Details\n\nIn `phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/TagController.php`, the `delete()` method (line 121-133) uses only `$this->userIsAuthenticated()`:\n\n```php\n#[Route(path: 'content/tags/{tagId}', name: 'admin.api.content.tags.id', methods: ['DELETE'])]\npublic function delete(Request $request): JsonResponse\n{\n $this->userIsAuthenticated(); // Only checks isLoggedIn() — no permission check\n\n $tagId = (int) Filter::filterVar($request->attributes->get('tagId'), FILTER_VALIDATE_INT);\n\n if ($this->tags->delete($tagId)) {\n return $this->json(['success' => Translation::get(key: 'ad_tag_delete_success')], Response::HTTP_OK);\n }\n\n return $this->json(['error' => Translation::get(key: 'ad_tag_delete_error')], Response::HTTP_BAD_REQUEST);\n}\n```\n\nCompare with `update()` (line 48-71) which properly enforces authorization:\n\n```php\npublic function update(Request $request): JsonResponse\n{\n $this->userHasPermission(PermissionType::FAQ_EDIT); // Proper permission check\n // ... also verifies CSRF token ...\n}\n```\n\nThe `userIsAuthenticated()` method in `AbstractController` (line 258-263) only checks `$this->currentUser->isLoggedIn()`:\n\n```php\nprotected function userIsAuthenticated(): void\n{\n if (!$this->currentUser->isLoggedIn()) {\n throw new UnauthorizedHttpException(challenge: 'User is not authenticated.');\n }\n}\n```\n\nThere is no admin-level middleware in the `Kernel` — it registers only RouterListener, LanguageListener, ControllerContainerListener, and exception listeners. The admin API entry point (`admin/api/index.php`) shares the same bootstrap and session as the frontend, meaning a frontend user's session cookie is valid for admin API requests.\n\nAdditionally, this endpoint lacks CSRF token verification (unlike `update()`), though the primary issue is the missing authorization since the attack vector is a logged-in user acting directly.\n\n## PoC\n\n```bash\n# Step 1: Register as a regular user on the phpMyFAQ frontend\n# (or use any existing non-admin authenticated session)\n\n# Step 2: As the authenticated non-admin user, delete tag with ID 1:\ncurl -X DELETE 'https://target.com/admin/api/content/tags/1' \\\n -H 'Cookie: PHPSESSID=<regular_user_session>'\n\n# Expected: 401 or 403 (user lacks FAQ_EDIT permission)\n# Actual: 200 OK with {\"success\": \"...\"}\n\n# Step 3: Enumerate and delete all tags:\nfor i in $(seq 1 100); do\n curl -s -X DELETE \"https://target.com/admin/api/content/tags/$i\" \\\n -H 'Cookie: PHPSESSID=<regular_user_session>'\ndone\n```\n\n## Impact\n\nAny authenticated user (including regular frontend users who registered through the public registration form) can delete all tags in the phpMyFAQ instance. This results in:\n\n- **Data integrity loss:** Tags are permanently deleted from the database. All FAQ-to-tag associations are destroyed.\n- **Disruption of FAQ organization:** Tag-based navigation, filtering, and tag clouds become empty or broken.\n- **No recoverability without backup:** Deleted tags and their associations cannot be restored without a database backup.\n\nThe impact is limited to tags (not FAQ content itself), but in large installations with extensive tag taxonomies, this could significantly degrade usability.\n\n## Recommended Fix\n\nAdd the `FAQ_EDIT` permission check and CSRF token verification to `TagController::delete()`, consistent with `TagController::update()`:\n\n```php\n#[Route(path: 'content/tags/{tagId}', name: 'admin.api.content.tags.id', methods: ['DELETE'])]\npublic function delete(Request $request): JsonResponse\n{\n $this->userHasPermission(PermissionType::FAQ_EDIT);\n\n $tagId = (int) Filter::filterVar($request->attributes->get('tagId'), FILTER_VALIDATE_INT);\n\n if ($this->tags->delete($tagId)) {\n return $this->json(['success' => Translation::get(key: 'ad_tag_delete_success')], Response::HTTP_OK);\n }\n\n return $this->json(['error' => Translation::get(key: 'ad_tag_delete_error')], Response::HTTP_BAD_REQUEST);\n}\n```\n\nAt minimum, add `$this->userHasPermission(PermissionType::FAQ_EDIT)` to enforce the same authorization as the update and search endpoints. Consider also adding a dedicated `TAG_DELETE` permission type for more granular access control.", "references": [ { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://github.com/advisories/GHSA-7cx3-2qx2-3g6w", "reference_id": "GHSA-7cx3-2qx2-3g6w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7cx3-2qx2-3g6w" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7cx3-2qx2-3g6w", "reference_id": "GHSA-7cx3-2qx2-3g6w", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7cx3-2qx2-3g6w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40863?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2" } ], "aliases": [ "GHSA-7cx3-2qx2-3g6w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yckn-74u4-pkaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169066?format=api", "vulnerability_id": "VCID-ygjv-jn67-p3h9", "summary": "Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.9.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4407", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09241", "scoring_system": "epss", "scoring_elements": "0.92927", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.09241", "scoring_system": "epss", "scoring_elements": "0.9293", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.09241", "scoring_system": "epss", "scoring_elements": "0.92929", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.09241", "scoring_system": "epss", "scoring_elements": "0.92904", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4407" }, { "reference_url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-4407.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-4407.md" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4407", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4407" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/1d73af34bf42764f9f9491c7ba5e9495d70e3ca5", "reference_id": "1d73af34bf42764f9f9491c7ba5e9495d70e3ca5", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-14T14:44:37Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/1d73af34bf42764f9f9491c7ba5e9495d70e3ca5" }, { "reference_url": "https://huntr.dev/bounties/a1649f43-78c9-4927-b313-36911872a84b", "reference_id": "a1649f43-78c9-4927-b313-36911872a84b", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-14T14:44:37Z/" } ], "url": "https://huntr.dev/bounties/a1649f43-78c9-4927-b313-36911872a84b" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52226.txt", "reference_id": "CVE-2022-4407", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52226.txt" }, { "reference_url": "https://github.com/advisories/GHSA-cp9c-phxx-55xm", "reference_id": "GHSA-cp9c-phxx-55xm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cp9c-phxx-55xm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/383967?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-1rpy-1jkw-w3fx" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-4ej8-n833-fuf4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8fkr-xfw6-ffcj" }, { "vulnerability": "VCID-8hxw-rvte-33a1" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8tff-qn8m-r3hc" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ajev-ydxv-nbd5" }, { "vulnerability": "VCID-aku3-vveb-gugg" }, { "vulnerability": "VCID-ax4d-t793-8bas" }, { "vulnerability": "VCID-b214-zgc8-4qdh" }, { "vulnerability": "VCID-b4yy-mtkz-hybq" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-bfsb-58cj-mfaa" }, { "vulnerability": "VCID-btr7-sehp-zbac" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cjzd-5q9t-nfek" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-dc77-t7y6-z3ab" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-e6u1-1y99-5khx" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-fnfe-xws9-8bgg" }, { "vulnerability": "VCID-gj1u-m1qq-1qb1" }, { "vulnerability": "VCID-gnxm-rq5g-g3d9" }, { "vulnerability": "VCID-gsjf-hmab-ruew" }, { "vulnerability": "VCID-gvt4-1vk8-8fbx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-hygm-7h9w-x7cs" }, { "vulnerability": "VCID-jq9j-su28-xken" }, { "vulnerability": "VCID-kfmg-41jk-qfh6" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-m9y5-g412-zbeh" }, { "vulnerability": "VCID-mt7j-r561-tubz" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qb4k-vsfg-wycb" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-qpnp-kehq-f7gm" }, { "vulnerability": "VCID-qrn1-cpad-puht" }, { "vulnerability": "VCID-r24s-k7p3-f7e4" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrh1-efbq-tugt" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-spjh-4tvh-gyca" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-tq9d-mguz-8bhp" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-ty89-v3b2-7yf7" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-v4hc-w2g2-63f5" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-x4fs-3h7u-4bbe" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yh2p-b5px-b7hz" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zaaf-n1z8-v7b3" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" }, { "vulnerability": "VCID-zwsu-pwxb-u3h5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.9" } ], "aliases": [ "CVE-2022-4407", "GHSA-cp9c-phxx-55xm" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ygjv-jn67-p3h9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/144847?format=api", "vulnerability_id": "VCID-yh2p-b5px-b7hz", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1757", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58495", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.5849", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58506", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58378", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1757" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1757", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1757" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/5061e5841be6c218ebb0de0cbf7b7f195dc46d19", "reference_id": "5061e5841be6c218ebb0de0cbf7b7f195dc46d19", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-10T20:43:09Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/5061e5841be6c218ebb0de0cbf7b7f195dc46d19" }, { "reference_url": "https://huntr.dev/bounties/584a200a-6ff8-4d53-a3c0-e7893edff60c", "reference_id": "584a200a-6ff8-4d53-a3c0-e7893edff60c", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-10T20:43:09Z/" } ], "url": "https://huntr.dev/bounties/584a200a-6ff8-4d53-a3c0-e7893edff60c" }, { "reference_url": "https://github.com/advisories/GHSA-jvjx-qqh7-6x6c", "reference_id": "GHSA-jvjx-qqh7-6x6c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jvjx-qqh7-6x6c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/36275?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12" } ], "aliases": [ "CVE-2023-1757", "GHSA-jvjx-qqh7-6x6c" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yh2p-b5px-b7hz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/150702?format=api", "vulnerability_id": "VCID-yn5s-m3hv-7be8", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2998", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00388", "scoring_system": "epss", "scoring_elements": "0.60342", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00388", "scoring_system": "epss", "scoring_elements": "0.60453", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00388", "scoring_system": "epss", "scoring_elements": "0.60448", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00388", "scoring_system": "epss", "scoring_elements": "0.60459", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2998" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2998", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2998" }, { "reference_url": "https://huntr.dev/bounties/8282d78e-f399-4bf4-8403-f39103a31e78", "reference_id": "8282d78e-f399-4bf4-8403-f39103a31e78", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T16:26:29Z/" } ], "url": "https://huntr.dev/bounties/8282d78e-f399-4bf4-8403-f39103a31e78" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/c120070a66e6c497c328d3b6b067eebcd8ea8493", "reference_id": "c120070a66e6c497c328d3b6b067eebcd8ea8493", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T16:26:29Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/c120070a66e6c497c328d3b6b067eebcd8ea8493" }, { "reference_url": "https://github.com/advisories/GHSA-974q-4vvr-vg9c", "reference_id": "GHSA-974q-4vvr-vg9c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-974q-4vvr-vg9c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/381983?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.14" } ], "aliases": [ "CVE-2023-2998", "GHSA-974q-4vvr-vg9c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yn5s-m3hv-7be8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/358508?format=api", "vulnerability_id": "VCID-z4qa-mnne-pyay", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6890", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29793", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29991", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30007", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.2999", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-6890" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/97d90ebbe11ebc6081bf49a2ba4b60f227cd1b43", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/97d90ebbe11ebc6081bf49a2ba4b60f227cd1b43" }, { "reference_url": "https://huntr.com/bounties/2cf11678-8793-4fa1-b21a-f135564a105d", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.com/bounties/2cf11678-8793-4fa1-b21a-f135564a105d" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6890", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6890" }, { "reference_url": "https://github.com/advisories/GHSA-4h37-q5j3-hw96", "reference_id": "GHSA-4h37-q5j3-hw96", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4h37-q5j3-hw96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380139?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.17" } ], "aliases": [ "CVE-2023-6890", "GHSA-4h37-q5j3-hw96" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z4qa-mnne-pyay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/133646?format=api", "vulnerability_id": "VCID-z8kb-6u51-8bd9", "summary": "Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5316", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52529", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.5265", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52656", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52668", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5316" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5316", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5316" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/332d2e4a83251d406ca58dd11c27c598673aa5fa", "reference_id": "332d2e4a83251d406ca58dd11c27c598673aa5fa", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:05:40Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/332d2e4a83251d406ca58dd11c27c598673aa5fa" }, { "reference_url": "https://huntr.dev/bounties/f877e65a-e647-457b-b105-7e5c9f58fb43", "reference_id": "f877e65a-e647-457b-b105-7e5c9f58fb43", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:05:40Z/" } ], "url": "https://huntr.dev/bounties/f877e65a-e647-457b-b105-7e5c9f58fb43" }, { "reference_url": "https://github.com/advisories/GHSA-58v7-58c2-qwm9", "reference_id": "GHSA-58v7-58c2-qwm9", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-58v7-58c2-qwm9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379656?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.18" } ], "aliases": [ "CVE-2023-5316", "GHSA-58v7-58c2-qwm9" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z8kb-6u51-8bd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/148434?format=api", "vulnerability_id": "VCID-zaaf-n1z8-v7b3", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0794", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58571", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58565", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58581", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00359", "scoring_system": "epss", "scoring_elements": "0.58453", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0794" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://huntr.com/bounties/949975f1-271d-46aa-85e5-1a013cdb5efb", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.com/bounties/949975f1-271d-46aa-85e5-1a013cdb5efb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0794", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0794" }, { "reference_url": "https://huntr.dev/bounties/949975f1-271d-46aa-85e5-1a013cdb5efb", "reference_id": "949975f1-271d-46aa-85e5-1a013cdb5efb", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-21T18:47:10Z/" } ], "url": "https://huntr.dev/bounties/949975f1-271d-46aa-85e5-1a013cdb5efb" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/edf0f6f90d4deaf46b4fd97ae92f16c1e10a2635", "reference_id": "edf0f6f90d4deaf46b4fd97ae92f16c1e10a2635", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-21T18:47:10Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/edf0f6f90d4deaf46b4fd97ae92f16c1e10a2635" }, { "reference_url": "https://github.com/advisories/GHSA-gf34-hh5r-f74h", "reference_id": "GHSA-gf34-hh5r-f74h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gf34-hh5r-f74h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380407?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-4ej8-n833-fuf4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8fkr-xfw6-ffcj" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8tff-qn8m-r3hc" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ajev-ydxv-nbd5" }, { "vulnerability": "VCID-aku3-vveb-gugg" }, { "vulnerability": "VCID-b214-zgc8-4qdh" }, { "vulnerability": "VCID-b4yy-mtkz-hybq" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-bfsb-58cj-mfaa" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cjzd-5q9t-nfek" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-gj1u-m1qq-1qb1" }, { "vulnerability": "VCID-gnxm-rq5g-g3d9" }, { "vulnerability": "VCID-gvt4-1vk8-8fbx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-hygm-7h9w-x7cs" }, { "vulnerability": "VCID-kfmg-41jk-qfh6" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-qpnp-kehq-f7gm" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrh1-efbq-tugt" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-spjh-4tvh-gyca" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-tq9d-mguz-8bhp" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yh2p-b5px-b7hz" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.11" } ], "aliases": [ "CVE-2023-0794", "GHSA-gf34-hh5r-f74h" ], "risk_score": 3.8, "exploitability": "0.5", "weighted_severity": "7.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zaaf-n1z8-v7b3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/174880?format=api", "vulnerability_id": "VCID-zpeg-pwqh-hbby", "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3765", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.63487", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.63484", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.63373", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.63476", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3765" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/372428d02a08e90b3a253ba5c506cda84581a5af", "reference_id": "372428d02a08e90b3a253ba5c506cda84581a5af", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-02T18:01:23Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/372428d02a08e90b3a253ba5c506cda84581a5af" }, { "reference_url": "https://huntr.dev/bounties/613143a1-8e51-449a-b214-12458308835d", "reference_id": "613143a1-8e51-449a-b214-12458308835d", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-02T18:01:23Z/" } ], "url": "https://huntr.dev/bounties/613143a1-8e51-449a-b214-12458308835d" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3765", "reference_id": "CVE-2022-3765", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3765" }, { "reference_url": "https://github.com/advisories/GHSA-wr74-2v66-57pp", "reference_id": "GHSA-wr74-2v66-57pp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wr74-2v66-57pp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27673?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-1rpy-1jkw-w3fx" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-4ej8-n833-fuf4" }, { "vulnerability": "VCID-569v-kyhm-6bd7" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8fkr-xfw6-ffcj" }, { "vulnerability": "VCID-8hxw-rvte-33a1" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8tff-qn8m-r3hc" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ajev-ydxv-nbd5" }, { "vulnerability": "VCID-aku3-vveb-gugg" }, { "vulnerability": "VCID-ax4d-t793-8bas" }, { "vulnerability": "VCID-b214-zgc8-4qdh" }, { "vulnerability": "VCID-b4yy-mtkz-hybq" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-bfsb-58cj-mfaa" }, { "vulnerability": "VCID-btr7-sehp-zbac" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cjzd-5q9t-nfek" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-dc77-t7y6-z3ab" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-e6u1-1y99-5khx" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-fnfe-xws9-8bgg" }, { "vulnerability": "VCID-gj1u-m1qq-1qb1" }, { "vulnerability": "VCID-gnxm-rq5g-g3d9" }, { "vulnerability": "VCID-gsjf-hmab-ruew" }, { "vulnerability": "VCID-gvt4-1vk8-8fbx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-hygm-7h9w-x7cs" }, { "vulnerability": "VCID-jq9j-su28-xken" }, { "vulnerability": "VCID-kfmg-41jk-qfh6" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-m9y5-g412-zbeh" }, { "vulnerability": "VCID-mt7j-r561-tubz" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qb4k-vsfg-wycb" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-qpnp-kehq-f7gm" }, { "vulnerability": "VCID-qrn1-cpad-puht" }, { "vulnerability": "VCID-r24s-k7p3-f7e4" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrh1-efbq-tugt" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-spjh-4tvh-gyca" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-tq9d-mguz-8bhp" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-ty89-v3b2-7yf7" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-v4hc-w2g2-63f5" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-x4fs-3h7u-4bbe" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-ygjv-jn67-p3h9" }, { "vulnerability": "VCID-yh2p-b5px-b7hz" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zaaf-n1z8-v7b3" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" }, { "vulnerability": "VCID-ztw9-5sne-p3e9" }, { "vulnerability": "VCID-zwsu-pwxb-u3h5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.8" } ], "aliases": [ "CVE-2022-3765", "GHSA-wr74-2v66-57pp" ], "risk_score": 3.7, "exploitability": "0.5", "weighted_severity": "7.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zpeg-pwqh-hbby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68203?format=api", "vulnerability_id": "VCID-zr1w-jzzj-a7gd", "summary": "phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission() that fails to terminate execution after sending a forbidden response. Attackers can access all permission-protected admin pages by requesting their URLs as authenticated users, exposing admin logs, user data, system information, and application configuration.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46362", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.15029", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14999", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.15028", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14909", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-46362" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46362", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46362" }, { "reference_url": "https://github.com/advisories/GHSA-hpgw-ww76-c68r", "reference_id": "GHSA-hpgw-ww76-c68r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hpgw-ww76-c68r" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hpgw-ww76-c68r", "reference_id": "GHSA-hpgw-ww76-c68r", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T16:06:31Z/" } ], "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hpgw-ww76-c68r" }, { "reference_url": "https://www.vulncheck.com/advisories/phpmyfaq-authorization-bypass-in-admin-pages-via-non-terminating-permission-check", "reference_id": "phpmyfaq-authorization-bypass-in-admin-pages-via-non-terminating-permission-check", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T16:06:31Z/" } ], "url": "https://www.vulncheck.com/advisories/phpmyfaq-authorization-bypass-in-admin-pages-via-non-terminating-permission-check" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/40863?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-mdxy-3bhf-6ybe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2" } ], "aliases": [ "CVE-2026-46362", "GHSA-hpgw-ww76-c68r" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zr1w-jzzj-a7gd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/168686?format=api", "vulnerability_id": "VCID-ztw9-5sne-p3e9", "summary": "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4409", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37203", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37188", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37178", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4409" }, { "reference_url": "https://github.com/thorsten/phpmyfaq", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpmyfaq" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ/commit/c16cc2bbe2687f75aa1204b804483091fae43cba", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ/commit/c16cc2bbe2687f75aa1204b804483091fae43cba" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4409", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4409" }, { "reference_url": "https://huntr.dev/bounties/5915ed4c-5fe2-42e7-8fac-5dd0d032727c", "reference_id": "5915ed4c-5fe2-42e7-8fac-5dd0d032727c", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:43:47Z/" } ], "url": "https://huntr.dev/bounties/5915ed4c-5fe2-42e7-8fac-5dd0d032727c" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/8b47f38", "reference_id": "8b47f38", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:43:47Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/8b47f38" }, { "reference_url": "https://github.com/advisories/GHSA-wpgc-5cr5-h9gg", "reference_id": "GHSA-wpgc-5cr5-h9gg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wpgc-5cr5-h9gg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/383967?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-1rpy-1jkw-w3fx" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-4ej8-n833-fuf4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8fkr-xfw6-ffcj" }, { "vulnerability": "VCID-8hxw-rvte-33a1" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8tff-qn8m-r3hc" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ajev-ydxv-nbd5" }, { "vulnerability": "VCID-aku3-vveb-gugg" }, { "vulnerability": "VCID-ax4d-t793-8bas" }, { "vulnerability": "VCID-b214-zgc8-4qdh" }, { "vulnerability": "VCID-b4yy-mtkz-hybq" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-bfsb-58cj-mfaa" }, { "vulnerability": "VCID-btr7-sehp-zbac" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cjzd-5q9t-nfek" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-dc77-t7y6-z3ab" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-e6u1-1y99-5khx" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-fnfe-xws9-8bgg" }, { "vulnerability": "VCID-gj1u-m1qq-1qb1" }, { "vulnerability": "VCID-gnxm-rq5g-g3d9" }, { "vulnerability": "VCID-gsjf-hmab-ruew" }, { "vulnerability": "VCID-gvt4-1vk8-8fbx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-hygm-7h9w-x7cs" }, { "vulnerability": "VCID-jq9j-su28-xken" }, { "vulnerability": "VCID-kfmg-41jk-qfh6" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-m9y5-g412-zbeh" }, { "vulnerability": "VCID-mt7j-r561-tubz" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qb4k-vsfg-wycb" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-qpnp-kehq-f7gm" }, { "vulnerability": "VCID-qrn1-cpad-puht" }, { "vulnerability": "VCID-r24s-k7p3-f7e4" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrh1-efbq-tugt" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-spjh-4tvh-gyca" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-tq9d-mguz-8bhp" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-ty89-v3b2-7yf7" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-v4hc-w2g2-63f5" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-x4fs-3h7u-4bbe" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yh2p-b5px-b7hz" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zaaf-n1z8-v7b3" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" }, { "vulnerability": "VCID-zwsu-pwxb-u3h5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.9" } ], "aliases": [ "CVE-2022-4409", "GHSA-wpgc-5cr5-h9gg" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ztw9-5sne-p3e9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/147982?format=api", "vulnerability_id": "VCID-zwsu-pwxb-u3h5", "summary": "Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0787", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52499", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52505", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52517", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52376", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0787" }, { "reference_url": "https://github.com/thorsten/phpMyFAQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/thorsten/phpMyFAQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0787", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0787" }, { "reference_url": "https://huntr.dev/bounties/87397c71-7b84-4617-a66e-fa6c73be9024", "reference_id": "87397c71-7b84-4617-a66e-fa6c73be9024", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-24T17:46:47Z/" } ], "url": "https://huntr.dev/bounties/87397c71-7b84-4617-a66e-fa6c73be9024" }, { "reference_url": "https://github.com/thorsten/phpmyfaq/commit/b76d58321a7a595eeaf4f7a30403ca6cd8506612", "reference_id": "b76d58321a7a595eeaf4f7a30403ca6cd8506612", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-24T17:46:47Z/" } ], "url": "https://github.com/thorsten/phpmyfaq/commit/b76d58321a7a595eeaf4f7a30403ca6cd8506612" }, { "reference_url": "https://github.com/advisories/GHSA-gxxj-x426-xj2w", "reference_id": "GHSA-gxxj-x426-xj2w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gxxj-x426-xj2w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380407?format=api", "purl": "pkg:composer/thorsten/phpmyfaq@3.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-15bx-wfer-qygk" }, { "vulnerability": "VCID-15yp-h3fj-pbb1" }, { "vulnerability": "VCID-1kny-sn17-gbdz" }, { "vulnerability": "VCID-1q6p-7t7t-87e5" }, { "vulnerability": "VCID-1qwx-htn1-4bg8" }, { "vulnerability": "VCID-2bb7-xtyn-dbcq" }, { "vulnerability": "VCID-2bsv-7dt5-6qcu" }, { "vulnerability": "VCID-2wd2-u5mg-suh4" }, { "vulnerability": "VCID-4ej8-n833-fuf4" }, { "vulnerability": "VCID-57ev-2w6v-mbbs" }, { "vulnerability": "VCID-5pw3-qxh6-6ufr" }, { "vulnerability": "VCID-5wsg-7979-dqgs" }, { "vulnerability": "VCID-6jmj-n5mz-bba8" }, { "vulnerability": "VCID-6w5z-nvj8-wke8" }, { "vulnerability": "VCID-7tpb-1avq-zfhu" }, { "vulnerability": "VCID-8fkr-xfw6-ffcj" }, { "vulnerability": "VCID-8k51-budg-h3ak" }, { "vulnerability": "VCID-8tff-qn8m-r3hc" }, { "vulnerability": "VCID-8vqk-5ha5-4bae" }, { "vulnerability": "VCID-9mx6-54u5-fugf" }, { "vulnerability": "VCID-ajev-ydxv-nbd5" }, { "vulnerability": "VCID-aku3-vveb-gugg" }, { "vulnerability": "VCID-b214-zgc8-4qdh" }, { "vulnerability": "VCID-b4yy-mtkz-hybq" }, { "vulnerability": "VCID-b64e-gffa-5kg7" }, { "vulnerability": "VCID-bfsb-58cj-mfaa" }, { "vulnerability": "VCID-c229-su7g-v3dg" }, { "vulnerability": "VCID-cjzd-5q9t-nfek" }, { "vulnerability": "VCID-cnr9-cykp-bbaw" }, { "vulnerability": "VCID-e4ep-gxfy-jbah" }, { "vulnerability": "VCID-ecpv-3xqn-eqf8" }, { "vulnerability": "VCID-emzq-e5ru-w3cx" }, { "vulnerability": "VCID-gj1u-m1qq-1qb1" }, { "vulnerability": "VCID-gnxm-rq5g-g3d9" }, { "vulnerability": "VCID-gvt4-1vk8-8fbx" }, { "vulnerability": "VCID-h2wj-7wb2-x3hz" }, { "vulnerability": "VCID-hygm-7h9w-x7cs" }, { "vulnerability": "VCID-kfmg-41jk-qfh6" }, { "vulnerability": "VCID-kppj-ng9a-9fhs" }, { "vulnerability": "VCID-naqh-qumg-37gh" }, { "vulnerability": "VCID-p68j-sbvd-yuh4" }, { "vulnerability": "VCID-pb65-wunz-tye6" }, { "vulnerability": "VCID-q6zp-tnjb-pye3" }, { "vulnerability": "VCID-qhsm-g24v-k7gj" }, { "vulnerability": "VCID-qpnp-kehq-f7gm" }, { "vulnerability": "VCID-rp5d-6b4k-33g5" }, { "vulnerability": "VCID-rrh1-efbq-tugt" }, { "vulnerability": "VCID-rrz3-kbbd-eyhq" }, { "vulnerability": "VCID-spjh-4tvh-gyca" }, { "vulnerability": "VCID-tpbv-urbk-h7gf" }, { "vulnerability": "VCID-tq9d-mguz-8bhp" }, { "vulnerability": "VCID-txxg-bugj-6bd4" }, { "vulnerability": "VCID-u37t-naar-pbav" }, { "vulnerability": "VCID-uerm-mjrz-vyg4" }, { "vulnerability": "VCID-ufhy-fdmw-hkdv" }, { "vulnerability": "VCID-vjqh-59nn-5ude" }, { "vulnerability": "VCID-wcpf-w4c4-ubba" }, { "vulnerability": "VCID-x1gz-3d4a-1qdy" }, { "vulnerability": "VCID-xt5z-y1n5-37fn" }, { "vulnerability": "VCID-yckn-74u4-pkaw" }, { "vulnerability": "VCID-yh2p-b5px-b7hz" }, { "vulnerability": "VCID-yn5s-m3hv-7be8" }, { "vulnerability": "VCID-z4qa-mnne-pyay" }, { "vulnerability": "VCID-z8kb-6u51-8bd9" }, { "vulnerability": "VCID-zr1w-jzzj-a7gd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.11" } ], "aliases": [ "CVE-2023-0787", "GHSA-gxxj-x426-xj2w" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zwsu-pwxb-u3h5" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.0-alpha" }