{"url":"http://public2.vulnerablecode.io/api/packages/593045?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.0.4","type":"composer","namespace":"thorsten","name":"phpmyfaq","version":"3.0.4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.1.3","latest_non_vulnerable_version":"4.1.3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/151195?format=json","vulnerability_id":"VCID-15bx-wfer-qygk","summary":"Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2429","reference_id":"","reference_type":"","scores":[{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.67132","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.67145","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.67146","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.6704","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2429"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://huntr.com/bounties/20d3a0b3-2693-4bf1-b196-10741201a540","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.com/bounties/20d3a0b3-2693-4bf1-b196-10741201a540"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2429","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2429"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/07552f5577ff8b1e6f7cdefafcce9b2a744d3a24","reference_id":"07552f5577ff8b1e6f7cdefafcce9b2a744d3a24","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L"},{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T16:57:44Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/07552f5577ff8b1e6f7cdefafcce9b2a744d3a24"},{"reference_url":"https://huntr.dev/bounties/20d3a0b3-2693-4bf1-b196-10741201a540","reference_id":"20d3a0b3-2693-4bf1-b196-10741201a540","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L"},{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T16:57:44Z/"}],"url":"https://huntr.dev/bounties/20d3a0b3-2693-4bf1-b196-10741201a540"},{"reference_url":"https://github.com/advisories/GHSA-r69v-q48g-3966","reference_id":"GHSA-r69v-q48g-3966","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r69v-q48g-3966"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379352?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.13"}],"aliases":["CVE-2023-2429","GHSA-r69v-q48g-3966"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-15bx-wfer-qygk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/150958?format=json","vulnerability_id":"VCID-15yp-h3fj-pbb1","summary":"Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2427","reference_id":"","reference_type":"","scores":[{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47998","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47997","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.48013","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00243","scoring_system":"epss","scoring_elements":"0.47856","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2427"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2427","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2427"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/514f4df2ad918e69575028d58b2e33aaf536e59b","reference_id":"514f4df2ad918e69575028d58b2e33aaf536e59b","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T17:53:09Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/514f4df2ad918e69575028d58b2e33aaf536e59b"},{"reference_url":"https://huntr.dev/bounties/89005a6d-d019-4cb7-ae88-486d2d44190d","reference_id":"89005a6d-d019-4cb7-ae88-486d2d44190d","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T17:53:09Z/"}],"url":"https://huntr.dev/bounties/89005a6d-d019-4cb7-ae88-486d2d44190d"},{"reference_url":"https://github.com/advisories/GHSA-5xq3-7mw9-wj5p","reference_id":"GHSA-5xq3-7mw9-wj5p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5xq3-7mw9-wj5p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379352?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.13"}],"aliases":["CVE-2023-2427","GHSA-5xq3-7mw9-wj5p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-15yp-h3fj-pbb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/133603?format=json","vulnerability_id":"VCID-1kny-sn17-gbdz","summary":"Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5320","reference_id":"","reference_type":"","scores":[{"value":"0.00544","scoring_system":"epss","scoring_elements":"0.68283","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00544","scoring_system":"epss","scoring_elements":"0.68293","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00544","scoring_system":"epss","scoring_elements":"0.68295","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00544","scoring_system":"epss","scoring_elements":"0.68194","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5320"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5320","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5320"},{"reference_url":"https://huntr.dev/bounties/3a2bc18b-5932-4fb5-a01e-24b2b0443b67","reference_id":"3a2bc18b-5932-4fb5-a01e-24b2b0443b67","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:16:32Z/"}],"url":"https://huntr.dev/bounties/3a2bc18b-5932-4fb5-a01e-24b2b0443b67"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/e92369543959772adcdab4f36c837faa27490346","reference_id":"e92369543959772adcdab4f36c837faa27490346","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:16:32Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/e92369543959772adcdab4f36c837faa27490346"},{"reference_url":"https://github.com/advisories/GHSA-pp4w-g5p4-85p2","reference_id":"GHSA-pp4w-g5p4-85p2","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pp4w-g5p4-85p2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379656?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.18"}],"aliases":["CVE-2023-5320","GHSA-pp4w-g5p4-85p2"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1kny-sn17-gbdz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/133707?format=json","vulnerability_id":"VCID-1q6p-7t7t-87e5","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5317","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20364","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20539","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.2054","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20562","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5317"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5317","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5317"},{"reference_url":"https://huntr.dev/bounties/5e146e7c-60c7-498b-9ffe-fd4cb4ca8c54","reference_id":"5e146e7c-60c7-498b-9ffe-fd4cb4ca8c54","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:17:14Z/"}],"url":"https://huntr.dev/bounties/5e146e7c-60c7-498b-9ffe-fd4cb4ca8c54"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/ec551bdf1566ede1e55f289888c446f877ad9a83","reference_id":"ec551bdf1566ede1e55f289888c446f877ad9a83","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:17:14Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/ec551bdf1566ede1e55f289888c446f877ad9a83"},{"reference_url":"https://github.com/advisories/GHSA-5jwv-m8h3-69cg","reference_id":"GHSA-5jwv-m8h3-69cg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5jwv-m8h3-69cg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379656?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.18"}],"aliases":["CVE-2023-5317","GHSA-5jwv-m8h3-69cg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1q6p-7t7t-87e5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68252?format=json","vulnerability_id":"VCID-1qwx-htn1-4bg8","summary":"phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captcha endpoint by crafting malicious User-Agent headers to perform time-based blind SQL injection, extracting sensitive data including user credentials, admin tokens, and SMTP credentials from the database.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46364","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.2036","published_at":"2026-06-11T12:55:00Z"},{"value":"0.07758","scoring_system":"epss","scoring_elements":"0.92161","published_at":"2026-06-12T12:55:00Z"},{"value":"0.07758","scoring_system":"epss","scoring_elements":"0.92165","published_at":"2026-06-14T12:55:00Z"},{"value":"0.07758","scoring_system":"epss","scoring_elements":"0.92167","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46364"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46364","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46364"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/commit/b9f25109fddb38eee19987183798638d07943f92","reference_id":"b9f25109fddb38eee19987183798638d07943f92","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-15T22:11:13Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/commit/b9f25109fddb38eee19987183798638d07943f92"},{"reference_url":"https://github.com/advisories/GHSA-289f-fq7w-6q2w","reference_id":"GHSA-289f-fq7w-6q2w","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-289f-fq7w-6q2w"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-289f-fq7w-6q2w","reference_id":"GHSA-289f-fq7w-6q2w","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-15T22:11:13Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-289f-fq7w-6q2w"},{"reference_url":"https://www.vulncheck.com/advisories/phpmyfaq-sql-injection-via-user-agent-header-in-builtincaptcha","reference_id":"phpmyfaq-sql-injection-via-user-agent-header-in-builtincaptcha","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-15T22:11:13Z/"}],"url":"https://www.vulncheck.com/advisories/phpmyfaq-sql-injection-via-user-agent-header-in-builtincaptcha"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40863?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2"}],"aliases":["CVE-2026-46364","GHSA-289f-fq7w-6q2w"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1qwx-htn1-4bg8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148438?format=json","vulnerability_id":"VCID-1rpy-1jkw-w3fx","summary":"Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0880","reference_id":"","reference_type":"","scores":[{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59851","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59854","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59863","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59743","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0880"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0880","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0880"},{"reference_url":"https://huntr.dev/bounties/14fc4841-0f5d-4e12-bf9e-1b60d2ac6a6c","reference_id":"14fc4841-0f5d-4e12-bf9e-1b60d2ac6a6c","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-18T15:56:55Z/"}],"url":"https://huntr.dev/bounties/14fc4841-0f5d-4e12-bf9e-1b60d2ac6a6c"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/a67dca41576834a1ddfee61b9e799b686b75d4fa","reference_id":"a67dca41576834a1ddfee61b9e799b686b75d4fa","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-18T15:56:55Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/a67dca41576834a1ddfee61b9e799b686b75d4fa"},{"reference_url":"https://github.com/advisories/GHSA-f9c6-4j9h-6c5r","reference_id":"GHSA-f9c6-4j9h-6c5r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f9c6-4j9h-6c5r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380407?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-4ej8-n833-fuf4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8fkr-xfw6-ffcj"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8tff-qn8m-r3hc"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ajev-ydxv-nbd5"},{"vulnerability":"VCID-aku3-vveb-gugg"},{"vulnerability":"VCID-b214-zgc8-4qdh"},{"vulnerability":"VCID-b4yy-mtkz-hybq"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-bfsb-58cj-mfaa"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cjzd-5q9t-nfek"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-gj1u-m1qq-1qb1"},{"vulnerability":"VCID-gnxm-rq5g-g3d9"},{"vulnerability":"VCID-gvt4-1vk8-8fbx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-hygm-7h9w-x7cs"},{"vulnerability":"VCID-kfmg-41jk-qfh6"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-qpnp-kehq-f7gm"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrh1-efbq-tugt"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-spjh-4tvh-gyca"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-tq9d-mguz-8bhp"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yh2p-b5px-b7hz"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.11"}],"aliases":["CVE-2023-0880","GHSA-f9c6-4j9h-6c5r"],"risk_score":3.8,"exploitability":"0.5","weighted_severity":"7.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1rpy-1jkw-w3fx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/175148?format=json","vulnerability_id":"VCID-1v6k-n15u-1bcm","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3608","reference_id":"","reference_type":"","scores":[{"value":"0.00509","scoring_system":"epss","scoring_elements":"0.668","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00509","scoring_system":"epss","scoring_elements":"0.66907","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00509","scoring_system":"epss","scoring_elements":"0.66892","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00509","scoring_system":"epss","scoring_elements":"0.66906","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3608"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/37123edd50f854bd141e6fbe65221af2d5cf2677","reference_id":"37123edd50f854bd141e6fbe65221af2d5cf2677","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-08T19:13:51Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/37123edd50f854bd141e6fbe65221af2d5cf2677"},{"reference_url":"https://huntr.dev/bounties/8f0f3635-9d81-4c55-9826-2ba955c3a850","reference_id":"8f0f3635-9d81-4c55-9826-2ba955c3a850","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-08T19:13:51Z/"}],"url":"https://huntr.dev/bounties/8f0f3635-9d81-4c55-9826-2ba955c3a850"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3608","reference_id":"CVE-2022-3608","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3608"},{"reference_url":"https://github.com/advisories/GHSA-6rj8-9cm9-6gff","reference_id":"GHSA-6rj8-9cm9-6gff","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6rj8-9cm9-6gff"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27516?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.2.0-alpha","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.0-alpha"}],"aliases":["CVE-2022-3608","GHSA-6rj8-9cm9-6gff"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1v6k-n15u-1bcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/133525?format=json","vulnerability_id":"VCID-2bb7-xtyn-dbcq","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5864","reference_id":"","reference_type":"","scores":[{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25589","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25804","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25787","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5864"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5864","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5864"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/b3e5a053b59dcc072d76a55d6ce0311ea30174fa","reference_id":"b3e5a053b59dcc072d76a55d6ce0311ea30174fa","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-17T13:54:56Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/b3e5a053b59dcc072d76a55d6ce0311ea30174fa"},{"reference_url":"https://huntr.com/bounties/e4b0e8f4-5e06-49d1-832f-5756573623ad","reference_id":"e4b0e8f4-5e06-49d1-832f-5756573623ad","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-17T13:54:56Z/"}],"url":"https://huntr.com/bounties/e4b0e8f4-5e06-49d1-832f-5756573623ad"},{"reference_url":"https://github.com/advisories/GHSA-g5hp-328h-jj98","reference_id":"GHSA-g5hp-328h-jj98","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g5hp-328h-jj98"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379166?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/379134?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.2"}],"aliases":["CVE-2023-5864","GHSA-g5hp-328h-jj98"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2bb7-xtyn-dbcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59507?format=json","vulnerability_id":"VCID-2bsv-7dt5-6qcu","summary":"phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an <iframe> element without user interaction or explicit consent. Version 3.2.10 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-55889","reference_id":"","reference_type":"","scores":[{"value":"0.09124","scoring_system":"epss","scoring_elements":"0.92857","published_at":"2026-06-11T12:55:00Z"},{"value":"0.09124","scoring_system":"epss","scoring_elements":"0.9288","published_at":"2026-06-12T12:55:00Z"},{"value":"0.09124","scoring_system":"epss","scoring_elements":"0.92881","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-55889"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-55889","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-55889"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52235.txt","reference_id":"CVE-2024-55889","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52235.txt"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/commit/fa0f7368dc3288eedb1915def64ef8fb270f711d","reference_id":"fa0f7368dc3288eedb1915def64ef8fb270f711d","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-13T20:42:00Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/commit/fa0f7368dc3288eedb1915def64ef8fb270f711d"},{"reference_url":"https://github.com/advisories/GHSA-m3r7-8gw7-qwvc","reference_id":"GHSA-m3r7-8gw7-qwvc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m3r7-8gw7-qwvc"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-m3r7-8gw7-qwvc","reference_id":"GHSA-m3r7-8gw7-qwvc","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-13T20:42:00Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-m3r7-8gw7-qwvc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372314?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.2.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5ez6-qnbc-nfgb"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.10"}],"aliases":["CVE-2024-55889","GHSA-m3r7-8gw7-qwvc"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2bsv-7dt5-6qcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/133715?format=json","vulnerability_id":"VCID-2wd2-u5mg-suh4","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5867","reference_id":"","reference_type":"","scores":[{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25377","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25375","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25392","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25178","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5867"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5867","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5867"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/5310cb8c37dc3a5c5aead0898690b14705c433d3","reference_id":"5310cb8c37dc3a5c5aead0898690b14705c433d3","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-27T20:32:16Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/5310cb8c37dc3a5c5aead0898690b14705c433d3"},{"reference_url":"https://huntr.com/bounties/5c09b32e-a041-4a1e-a277-eb3e80967df0","reference_id":"5c09b32e-a041-4a1e-a277-eb3e80967df0","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-27T20:32:16Z/"}],"url":"https://huntr.com/bounties/5c09b32e-a041-4a1e-a277-eb3e80967df0"},{"reference_url":"https://github.com/advisories/GHSA-prrv-r843-4p75","reference_id":"GHSA-prrv-r843-4p75","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-prrv-r843-4p75"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379134?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.2"}],"aliases":["CVE-2023-5867","GHSA-prrv-r843-4p75"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2wd2-u5mg-suh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/144524?format=json","vulnerability_id":"VCID-4ej8-n833-fuf4","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1756","reference_id":"","reference_type":"","scores":[{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41695","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41687","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41705","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41521","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1756"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1756","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1756"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/ca75f4688a8b0f14d5d0697b9f4b6ea66088f726","reference_id":"ca75f4688a8b0f14d5d0697b9f4b6ea66088f726","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:43:35Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/ca75f4688a8b0f14d5d0697b9f4b6ea66088f726"},{"reference_url":"https://huntr.dev/bounties/e495b443-b328-42f5-aed5-d68b929b4cb9","reference_id":"e495b443-b328-42f5-aed5-d68b929b4cb9","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:43:35Z/"}],"url":"https://huntr.dev/bounties/e495b443-b328-42f5-aed5-d68b929b4cb9"},{"reference_url":"https://github.com/advisories/GHSA-8p48-ghv5-7qq7","reference_id":"GHSA-8p48-ghv5-7qq7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8p48-ghv5-7qq7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/36275?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12"}],"aliases":["CVE-2023-1756","GHSA-8p48-ghv5-7qq7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4ej8-n833-fuf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/168610?format=json","vulnerability_id":"VCID-569v-kyhm-6bd7","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4408","reference_id":"","reference_type":"","scores":[{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45443","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45442","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45454","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45294","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4408"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4408","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4408"},{"reference_url":"https://huntr.dev/bounties/2ec4ddd4-de22-4f2d-ba92-3382b452bfea","reference_id":"2ec4ddd4-de22-4f2d-ba92-3382b452bfea","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-14T14:44:13Z/"}],"url":"https://huntr.dev/bounties/2ec4ddd4-de22-4f2d-ba92-3382b452bfea"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/e2ea332a2b5e798f2c39203b2489a2dabe831751","reference_id":"e2ea332a2b5e798f2c39203b2489a2dabe831751","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-14T14:44:13Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/e2ea332a2b5e798f2c39203b2489a2dabe831751"},{"reference_url":"https://github.com/advisories/GHSA-rjf6-wj7r-5fj2","reference_id":"GHSA-rjf6-wj7r-5fj2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rjf6-wj7r-5fj2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/383967?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-1rpy-1jkw-w3fx"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-4ej8-n833-fuf4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8fkr-xfw6-ffcj"},{"vulnerability":"VCID-8hxw-rvte-33a1"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8tff-qn8m-r3hc"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ajev-ydxv-nbd5"},{"vulnerability":"VCID-aku3-vveb-gugg"},{"vulnerability":"VCID-ax4d-t793-8bas"},{"vulnerability":"VCID-b214-zgc8-4qdh"},{"vulnerability":"VCID-b4yy-mtkz-hybq"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-bfsb-58cj-mfaa"},{"vulnerability":"VCID-btr7-sehp-zbac"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cjzd-5q9t-nfek"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-dc77-t7y6-z3ab"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-e6u1-1y99-5khx"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-fnfe-xws9-8bgg"},{"vulnerability":"VCID-gj1u-m1qq-1qb1"},{"vulnerability":"VCID-gnxm-rq5g-g3d9"},{"vulnerability":"VCID-gsjf-hmab-ruew"},{"vulnerability":"VCID-gvt4-1vk8-8fbx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-hygm-7h9w-x7cs"},{"vulnerability":"VCID-jq9j-su28-xken"},{"vulnerability":"VCID-kfmg-41jk-qfh6"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-m9y5-g412-zbeh"},{"vulnerability":"VCID-mt7j-r561-tubz"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qb4k-vsfg-wycb"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-qpnp-kehq-f7gm"},{"vulnerability":"VCID-qrn1-cpad-puht"},{"vulnerability":"VCID-r24s-k7p3-f7e4"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrh1-efbq-tugt"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-spjh-4tvh-gyca"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-tq9d-mguz-8bhp"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-ty89-v3b2-7yf7"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-v4hc-w2g2-63f5"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-x4fs-3h7u-4bbe"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yh2p-b5px-b7hz"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zaaf-n1z8-v7b3"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"},{"vulnerability":"VCID-zwsu-pwxb-u3h5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.9"}],"aliases":["CVE-2022-4408","GHSA-rjf6-wj7r-5fj2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-569v-kyhm-6bd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83111?format=json","vulnerability_id":"VCID-57ev-2w6v-mbbs","summary":"phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization logic which exposes the /api/setup/backup endpoint to any authenticated user despite their permissions. SetupController.php uses userIsAuthenticated() but does not verify that the requester has configuration/admin permissions. Non-admin users can trigger a configuration backup and retrieve its path. The endpoint only checks authentication, not authorization, and returns a link to the generated ZIP. This issue is fixed in version 4.0.17.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24421","reference_id":"","reference_type":"","scores":[{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50491","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50496","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50509","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50358","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24421"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52523.txt","reference_id":"CVE-2026-24421","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52523.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24421","reference_id":"CVE-2026-24421","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24421"},{"reference_url":"https://github.com/advisories/GHSA-wm8h-26fv-mg7g","reference_id":"GHSA-wm8h-26fv-mg7g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wm8h-26fv-mg7g"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-wm8h-26fv-mg7g","reference_id":"GHSA-wm8h-26fv-mg7g","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T16:14:22Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-wm8h-26fv-mg7g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38149?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.0.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.17"},{"url":"http://public2.vulnerablecode.io/api/packages/931970?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.0-RC","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.0-RC"}],"aliases":["CVE-2026-24421","GHSA-wm8h-26fv-mg7g"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-57ev-2w6v-mbbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68191?format=json","vulnerability_id":"VCID-5pw3-qxh6-6ufr","summary":"phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId() method that lacks permission filtering, allowing unauthenticated attackers to enumerate restricted FAQ entries and read their titles via the /solution_id_{id}.html endpoint. Attackers can sequentially iterate solution IDs to discover all FAQs including those restricted to specific users or groups, leaking sensitive metadata through redirect Location headers and page canonical links.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46366","reference_id":"","reference_type":"","scores":[{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.2355","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23541","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23563","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23355","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46366"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46366","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46366"},{"reference_url":"https://github.com/advisories/GHSA-99qv-g4x9-mgc3","reference_id":"GHSA-99qv-g4x9-mgc3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-99qv-g4x9-mgc3"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-99qv-g4x9-mgc3","reference_id":"GHSA-99qv-g4x9-mgc3","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:16:45Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-99qv-g4x9-mgc3"},{"reference_url":"https://www.vulncheck.com/advisories/phpmyfaq-unauthenticated-information-disclosure-via-getidfromsolutionid-permission-bypass","reference_id":"phpmyfaq-unauthenticated-information-disclosure-via-getidfromsolutionid-permission-bypass","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:16:45Z/"}],"url":"https://www.vulncheck.com/advisories/phpmyfaq-unauthenticated-information-disclosure-via-getidfromsolutionid-permission-bypass"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40863?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2"}],"aliases":["CVE-2026-46366","GHSA-99qv-g4x9-mgc3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5pw3-qxh6-6ufr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102633?format=json","vulnerability_id":"VCID-5wsg-7979-dqgs","summary":"phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Successful exploitation can lead to a full compromise of the database, including reading, modifying, or deleting all data, as well as potential remote code execution depending on the database configuration. This issue has been patched in version 4.0.14.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62519","reference_id":"","reference_type":"","scores":[{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30546","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.3035","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35551","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35568","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62519"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/compare/4.0.13...4.0.14","reference_id":"4.0.13...4.0.14","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-17T16:59:03Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/compare/4.0.13...4.0.14"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62519","reference_id":"CVE-2025-62519","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62519"},{"reference_url":"https://github.com/advisories/GHSA-fxm2-cmwj-qvx4","reference_id":"GHSA-fxm2-cmwj-qvx4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fxm2-cmwj-qvx4"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-fxm2-cmwj-qvx4","reference_id":"GHSA-fxm2-cmwj-qvx4","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-17T16:59:03Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-fxm2-cmwj-qvx4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35278?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-x8f6-wx6k-f3d5"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.14"}],"aliases":["CVE-2025-62519","GHSA-fxm2-cmwj-qvx4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5wsg-7979-dqgs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83252?format=json","vulnerability_id":"VCID-6jmj-n5mz-bba8","summary":"phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below allow an authenticated user without the dlattachment permission to download FAQ attachments due to a incomprehensive permissions check. The presence of a right key is improperly validated as proof of authorization in attachment.php. Additionally, the group and user permission logic contains a flawed conditional expression that may allow unauthorized access. This issue has been fixed in version","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24420","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03833","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03857","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03844","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03854","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24420"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24420","reference_id":"CVE-2026-24420","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24420"},{"reference_url":"https://github.com/advisories/GHSA-7p9h-m7m8-vhhv","reference_id":"GHSA-7p9h-m7m8-vhhv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7p9h-m7m8-vhhv"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7p9h-m7m8-vhhv","reference_id":"GHSA-7p9h-m7m8-vhhv","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T15:00:41Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7p9h-m7m8-vhhv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38149?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.0.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.17"},{"url":"http://public2.vulnerablecode.io/api/packages/931970?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.0-RC","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.0-RC"}],"aliases":["CVE-2026-24420","GHSA-7p9h-m7m8-vhhv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6jmj-n5mz-bba8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/133816?format=json","vulnerability_id":"VCID-6w5z-nvj8-wke8","summary":"Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5865","reference_id":"","reference_type":"","scores":[{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.5547","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55592","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.5559","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0032","scoring_system":"epss","scoring_elements":"0.55605","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5865"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5865","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5865"},{"reference_url":"https://huntr.com/bounties/4c4b7395-d9fd-4ca0-98d7-2e20c1249aff","reference_id":"4c4b7395-d9fd-4ca0-98d7-2e20c1249aff","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T14:18:18Z/"}],"url":"https://huntr.com/bounties/4c4b7395-d9fd-4ca0-98d7-2e20c1249aff"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/5f43786f52c3d517e7665abd25d534e180e08dc5","reference_id":"5f43786f52c3d517e7665abd25d534e180e08dc5","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-06T14:18:18Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/5f43786f52c3d517e7665abd25d534e180e08dc5"},{"reference_url":"https://github.com/advisories/GHSA-f728-prhw-2g68","reference_id":"GHSA-f728-prhw-2g68","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f728-prhw-2g68"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379134?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.2"}],"aliases":["CVE-2023-5865","GHSA-f728-prhw-2g68"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6w5z-nvj8-wke8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68138?format=json","vulnerability_id":"VCID-7tpb-1avq-zfhu","summary":"phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in search.twig where result.question and result.answerPreview are rendered with the raw filter, disabling autoescape protection. Attackers with FAQ editor privileges can inject HTML-entity-encoded payloads that bypass html_entity_decode(strip_tags()) processing in SearchController.php, executing arbitrary JavaScript in every visitor's browser context including administrators.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46361","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01334","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01347","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01344","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01337","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46361"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46361","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46361"},{"reference_url":"https://github.com/advisories/GHSA-pqh6-8fxf-jx22","reference_id":"GHSA-pqh6-8fxf-jx22","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pqh6-8fxf-jx22"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pqh6-8fxf-jx22","reference_id":"GHSA-pqh6-8fxf-jx22","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-16T01:17:36Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pqh6-8fxf-jx22"},{"reference_url":"https://www.vulncheck.com/advisories/phpmyfaq-stored-cross-site-scripting-via-raw-filter-in-search-twig","reference_id":"phpmyfaq-stored-cross-site-scripting-via-raw-filter-in-search-twig","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-16T01:17:36Z/"}],"url":"https://www.vulncheck.com/advisories/phpmyfaq-stored-cross-site-scripting-via-raw-filter-in-search-twig"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40863?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2"}],"aliases":["CVE-2026-46361","GHSA-pqh6-8fxf-jx22"],"risk_score":3.7,"exploitability":"0.5","weighted_severity":"7.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7tpb-1avq-zfhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/144366?format=json","vulnerability_id":"VCID-8fkr-xfw6-ffcj","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1759","reference_id":"","reference_type":"","scores":[{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45971","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.46109","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.46116","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.46123","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1759"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1759","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1759"},{"reference_url":"https://huntr.dev/bounties/e8109aed-d364-4c0c-9545-4de0347b10e1","reference_id":"e8109aed-d364-4c0c-9545-4de0347b10e1","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:45:28Z/"}],"url":"https://huntr.dev/bounties/e8109aed-d364-4c0c-9545-4de0347b10e1"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/ecbd8107fe954b6be95dab315862d1caa0b94efa","reference_id":"ecbd8107fe954b6be95dab315862d1caa0b94efa","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T18:45:28Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/ecbd8107fe954b6be95dab315862d1caa0b94efa"},{"reference_url":"https://github.com/advisories/GHSA-4wfc-ghv5-2v7j","reference_id":"GHSA-4wfc-ghv5-2v7j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4wfc-ghv5-2v7j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/36275?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12"}],"aliases":["CVE-2023-1759","GHSA-4wfc-ghv5-2v7j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8fkr-xfw6-ffcj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148160?format=json","vulnerability_id":"VCID-8hxw-rvte-33a1","summary":"Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0314","reference_id":"","reference_type":"","scores":[{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54594","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54595","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54611","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54469","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0314"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0314","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0314"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/3872e7eac2ddeac182fc1335cc312d1392d56f98","reference_id":"3872e7eac2ddeac182fc1335cc312d1392d56f98","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:14:16Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/3872e7eac2ddeac182fc1335cc312d1392d56f98"},{"reference_url":"https://huntr.dev/bounties/eac0a9d7-9721-4191-bef3-d43b0df59c67","reference_id":"eac0a9d7-9721-4191-bef3-d43b0df59c67","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:14:16Z/"}],"url":"https://huntr.dev/bounties/eac0a9d7-9721-4191-bef3-d43b0df59c67"},{"reference_url":"https://github.com/advisories/GHSA-m9xr-8cx7-53pj","reference_id":"GHSA-m9xr-8cx7-53pj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m9xr-8cx7-53pj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379949?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-1rpy-1jkw-w3fx"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-4ej8-n833-fuf4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8fkr-xfw6-ffcj"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8tff-qn8m-r3hc"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ajev-ydxv-nbd5"},{"vulnerability":"VCID-aku3-vveb-gugg"},{"vulnerability":"VCID-ax4d-t793-8bas"},{"vulnerability":"VCID-b214-zgc8-4qdh"},{"vulnerability":"VCID-b4yy-mtkz-hybq"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-bfsb-58cj-mfaa"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cjzd-5q9t-nfek"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-e6u1-1y99-5khx"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-gj1u-m1qq-1qb1"},{"vulnerability":"VCID-gnxm-rq5g-g3d9"},{"vulnerability":"VCID-gvt4-1vk8-8fbx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-hygm-7h9w-x7cs"},{"vulnerability":"VCID-jq9j-su28-xken"},{"vulnerability":"VCID-kfmg-41jk-qfh6"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qb4k-vsfg-wycb"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-qpnp-kehq-f7gm"},{"vulnerability":"VCID-qrn1-cpad-puht"},{"vulnerability":"VCID-r24s-k7p3-f7e4"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrh1-efbq-tugt"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-spjh-4tvh-gyca"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-tq9d-mguz-8bhp"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-ty89-v3b2-7yf7"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yh2p-b5px-b7hz"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zaaf-n1z8-v7b3"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"},{"vulnerability":"VCID-zwsu-pwxb-u3h5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.10"}],"aliases":["CVE-2023-0314","GHSA-m9xr-8cx7-53pj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8hxw-rvte-33a1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69892?format=json","vulnerability_id":"VCID-8k51-budg-h3ak","summary":"phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use userIsAuthenticated() instead of userHasPermission(CONFIGURATION_EDIT). Any authenticated user can enumerate system configuration metadata including permission model, cache backend, mail provider, and translation provider by querying /admin/api/configuration endpoints, violating least privilege access control.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45007","reference_id":"","reference_type":"","scores":[{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.01073","published_at":"2026-06-12T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.01082","published_at":"2026-06-14T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.0108","published_at":"2026-06-13T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.01076","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45007"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45007","reference_id":"CVE-2026-45007","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45007"},{"reference_url":"https://github.com/advisories/GHSA-rm98-82fr-mcfx","reference_id":"GHSA-rm98-82fr-mcfx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rm98-82fr-mcfx"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-rm98-82fr-mcfx","reference_id":"GHSA-rm98-82fr-mcfx","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-16T01:16:25Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-rm98-82fr-mcfx"},{"reference_url":"https://www.vulncheck.com/advisories/phpmyfaq-missing-permission-check-on-12-configuration-api-endpoints-allows-information-disclosure","reference_id":"phpmyfaq-missing-permission-check-on-12-configuration-api-endpoints-allows-information-disclosure","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-16T01:16:25Z/"}],"url":"https://www.vulncheck.com/advisories/phpmyfaq-missing-permission-check-on-12-configuration-api-endpoints-allows-information-disclosure"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40863?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2"}],"aliases":["CVE-2026-45007","GHSA-rm98-82fr-mcfx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8k51-budg-h3ak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/144585?format=json","vulnerability_id":"VCID-8tff-qn8m-r3hc","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1875","reference_id":"","reference_type":"","scores":[{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42388","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.4241","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42223","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42399","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1875"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1875","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1875"},{"reference_url":"https://huntr.dev/bounties/39715aaf-e798-4c60-97c4-45f4f2cd5c61","reference_id":"39715aaf-e798-4c60-97c4-45f4f2cd5c61","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T19:36:40Z/"}],"url":"https://huntr.dev/bounties/39715aaf-e798-4c60-97c4-45f4f2cd5c61"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/dcf7dd43a3412aa951d7087b86a8b917fae2133a","reference_id":"dcf7dd43a3412aa951d7087b86a8b917fae2133a","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T19:36:40Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/dcf7dd43a3412aa951d7087b86a8b917fae2133a"},{"reference_url":"https://github.com/advisories/GHSA-ch5w-2994-6h82","reference_id":"GHSA-ch5w-2994-6h82","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ch5w-2994-6h82"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/36275?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12"}],"aliases":["CVE-2023-1875","GHSA-ch5w-2994-6h82"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8tff-qn8m-r3hc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/150844?format=json","vulnerability_id":"VCID-8vqk-5ha5-4bae","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2753","reference_id":"","reference_type":"","scores":[{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43858","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43847","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.43868","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.4369","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2753"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2753","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2753"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/5401ab75d022932b8d5d7adaa771acf44fed18ba","reference_id":"5401ab75d022932b8d5d7adaa771acf44fed18ba","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-22T18:09:09Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/5401ab75d022932b8d5d7adaa771acf44fed18ba"},{"reference_url":"https://huntr.dev/bounties/eca2284d-e81a-4ab8-91bb-7afeca557628","reference_id":"eca2284d-e81a-4ab8-91bb-7afeca557628","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-22T18:09:09Z/"}],"url":"https://huntr.dev/bounties/eca2284d-e81a-4ab8-91bb-7afeca557628"},{"reference_url":"https://github.com/advisories/GHSA-vppq-6ff8-2m8w","reference_id":"GHSA-vppq-6ff8-2m8w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vppq-6ff8-2m8w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381986?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.2.0-beta","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.0-beta"}],"aliases":["CVE-2023-2753","GHSA-vppq-6ff8-2m8w"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8vqk-5ha5-4bae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359189?format=json","vulnerability_id":"VCID-9mx6-54u5-fugf","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34974","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.127","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.1279","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12799","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12781","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34974"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-5crx-pfhq-4hgg","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-5crx-pfhq-4hgg"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34974","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34974"},{"reference_url":"https://github.com/advisories/GHSA-5crx-pfhq-4hgg","reference_id":"GHSA-5crx-pfhq-4hgg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5crx-pfhq-4hgg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373289?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-426v-vz22-nqem"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-n3tn-cpf3-5qe2"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.1"}],"aliases":["CVE-2026-34974","GHSA-5crx-pfhq-4hgg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9mx6-54u5-fugf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/144270?format=json","vulnerability_id":"VCID-ajev-ydxv-nbd5","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1879","reference_id":"","reference_type":"","scores":[{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49915","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49901","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49896","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49759","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1879"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/commit/a2642195e9fcb9a6f151bfaa4ff20bf1b905da2e","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ/commit/a2642195e9fcb9a6f151bfaa4ff20bf1b905da2e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1879","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1879"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/0dc8e527c375007cd4b8dbf61f7167393a6f6e91","reference_id":"0dc8e527c375007cd4b8dbf61f7167393a6f6e91","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:39:54Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/0dc8e527c375007cd4b8dbf61f7167393a6f6e91"},{"reference_url":"https://huntr.dev/bounties/1dc7f818-c8ea-4f80-b000-31b48a426334","reference_id":"1dc7f818-c8ea-4f80-b000-31b48a426334","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T20:39:54Z/"}],"url":"https://huntr.dev/bounties/1dc7f818-c8ea-4f80-b000-31b48a426334"},{"reference_url":"https://github.com/advisories/GHSA-m9qm-m5w5-9pgj","reference_id":"GHSA-m9qm-m5w5-9pgj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m9qm-m5w5-9pgj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/36275?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12"}],"aliases":["CVE-2023-1879","GHSA-m9qm-m5w5-9pgj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ajev-ydxv-nbd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/144870?format=json","vulnerability_id":"VCID-aku3-vveb-gugg","summary":"Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1886","reference_id":"","reference_type":"","scores":[{"value":"0.01116","scoring_system":"epss","scoring_elements":"0.78689","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01116","scoring_system":"epss","scoring_elements":"0.78685","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01116","scoring_system":"epss","scoring_elements":"0.78672","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01116","scoring_system":"epss","scoring_elements":"0.78606","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1886"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1886","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1886"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/27eaaae16850694634ac52416a0bd38b35d7330a","reference_id":"27eaaae16850694634ac52416a0bd38b35d7330a","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:47:06Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/27eaaae16850694634ac52416a0bd38b35d7330a"},{"reference_url":"https://huntr.dev/bounties/b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a","reference_id":"b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:47:06Z/"}],"url":"https://huntr.dev/bounties/b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a"},{"reference_url":"https://github.com/advisories/GHSA-4cr4-x82x-hwm9","reference_id":"GHSA-4cr4-x82x-hwm9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4cr4-x82x-hwm9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/36275?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12"}],"aliases":["CVE-2023-1886","GHSA-4cr4-x82x-hwm9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aku3-vveb-gugg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148546?format=json","vulnerability_id":"VCID-ax4d-t793-8bas","summary":"Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0786","reference_id":"","reference_type":"","scores":[{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.62484","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.62491","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.62496","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.62383","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0786"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0786","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0786"},{"reference_url":"https://huntr.dev/bounties/8c74ccab-0d1d-4c6b-a0fa-803aa65de04f","reference_id":"8c74ccab-0d1d-4c6b-a0fa-803aa65de04f","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-24T17:47:29Z/"}],"url":"https://huntr.dev/bounties/8c74ccab-0d1d-4c6b-a0fa-803aa65de04f"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/ce676eb9e9d8cb7864f36ee124e838b1ad15415f","reference_id":"ce676eb9e9d8cb7864f36ee124e838b1ad15415f","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-24T17:47:29Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/ce676eb9e9d8cb7864f36ee124e838b1ad15415f"},{"reference_url":"https://github.com/advisories/GHSA-jfpg-jggf-rpph","reference_id":"GHSA-jfpg-jggf-rpph","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jfpg-jggf-rpph"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380407?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-4ej8-n833-fuf4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8fkr-xfw6-ffcj"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8tff-qn8m-r3hc"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ajev-ydxv-nbd5"},{"vulnerability":"VCID-aku3-vveb-gugg"},{"vulnerability":"VCID-b214-zgc8-4qdh"},{"vulnerability":"VCID-b4yy-mtkz-hybq"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-bfsb-58cj-mfaa"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cjzd-5q9t-nfek"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-gj1u-m1qq-1qb1"},{"vulnerability":"VCID-gnxm-rq5g-g3d9"},{"vulnerability":"VCID-gvt4-1vk8-8fbx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-hygm-7h9w-x7cs"},{"vulnerability":"VCID-kfmg-41jk-qfh6"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-qpnp-kehq-f7gm"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrh1-efbq-tugt"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-spjh-4tvh-gyca"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-tq9d-mguz-8bhp"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yh2p-b5px-b7hz"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.11"}],"aliases":["CVE-2023-0786","GHSA-jfpg-jggf-rpph"],"risk_score":3.8,"exploitability":"0.5","weighted_severity":"7.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ax4d-t793-8bas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/144505?format=json","vulnerability_id":"VCID-b214-zgc8-4qdh","summary":"Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1882","reference_id":"","reference_type":"","scores":[{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.58378","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.58495","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.5849","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.58506","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1882"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1882","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1882"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/49db615c300ae0f87795f20570f6f5bdccb1d2f2","reference_id":"49db615c300ae0f87795f20570f6f5bdccb1d2f2","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-10T19:49:38Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/49db615c300ae0f87795f20570f6f5bdccb1d2f2"},{"reference_url":"https://huntr.dev/bounties/8ab09a1c-cfd5-4ce0-aae3-d33c93318957","reference_id":"8ab09a1c-cfd5-4ce0-aae3-d33c93318957","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-10T19:49:38Z/"}],"url":"https://huntr.dev/bounties/8ab09a1c-cfd5-4ce0-aae3-d33c93318957"},{"reference_url":"https://github.com/advisories/GHSA-jph3-3j24-pg3j","reference_id":"GHSA-jph3-3j24-pg3j","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jph3-3j24-pg3j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/36275?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12"}],"aliases":["CVE-2023-1882","GHSA-jph3-3j24-pg3j"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b214-zgc8-4qdh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/144606?format=json","vulnerability_id":"VCID-b4yy-mtkz-hybq","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1878","reference_id":"","reference_type":"","scores":[{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51479","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51492","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51347","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1878"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1878","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1878"},{"reference_url":"https://huntr.dev/bounties/93f981a3-231d-460d-a239-bb960e8c2fdc","reference_id":"93f981a3-231d-460d-a239-bb960e8c2fdc","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-10T20:40:29Z/"}],"url":"https://huntr.dev/bounties/93f981a3-231d-460d-a239-bb960e8c2fdc"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/e018823f8e3bca103c11e5a98b0dd469e41ed417","reference_id":"e018823f8e3bca103c11e5a98b0dd469e41ed417","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-10T20:40:29Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/e018823f8e3bca103c11e5a98b0dd469e41ed417"},{"reference_url":"https://github.com/advisories/GHSA-gcmq-7652-x98j","reference_id":"GHSA-gcmq-7652-x98j","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gcmq-7652-x98j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/36275?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12"}],"aliases":["CVE-2023-1878","GHSA-gcmq-7652-x98j"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b4yy-mtkz-hybq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30801?format=json","vulnerability_id":"VCID-b64e-gffa-5kg7","summary":"phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (ie postgreSQL) server's credential when connection to DB fails. This vulnerability is fixed in 4.0.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-54141","reference_id":"","reference_type":"","scores":[{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60264","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60258","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60253","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60147","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-54141"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"7.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-54141","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"7.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-54141"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/commit/b9289a0b2233df864361c131cd177b6715fbb0fe","reference_id":"b9289a0b2233df864361c131cd177b6715fbb0fe","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"7.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T17:10:25Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/commit/b9289a0b2233df864361c131cd177b6715fbb0fe"},{"reference_url":"https://github.com/advisories/GHSA-vrjr-p3xp-xx2x","reference_id":"GHSA-vrjr-p3xp-xx2x","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vrjr-p3xp-xx2x"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-vrjr-p3xp-xx2x","reference_id":"GHSA-vrjr-p3xp-xx2x","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-06T17:10:25Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-vrjr-p3xp-xx2x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372524?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5ez6-qnbc-nfgb"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.0"}],"aliases":["CVE-2024-54141","GHSA-vrjr-p3xp-xx2x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b64e-gffa-5kg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/144875?format=json","vulnerability_id":"VCID-bfsb-58cj-mfaa","summary":"Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1758","reference_id":"","reference_type":"","scores":[{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51479","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51492","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51347","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1758"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1758","reference_id":"","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1758"},{"reference_url":"https://huntr.dev/bounties/0854328e-eb00-41a3-9573-8da8f00e369c","reference_id":"0854328e-eb00-41a3-9573-8da8f00e369c","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L"},{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-10T20:42:37Z/"}],"url":"https://huntr.dev/bounties/0854328e-eb00-41a3-9573-8da8f00e369c"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/f3380f46c464d1bc6f3ded29213c79be0de8fc57","reference_id":"f3380f46c464d1bc6f3ded29213c79be0de8fc57","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L"},{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-10T20:42:37Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/f3380f46c464d1bc6f3ded29213c79be0de8fc57"},{"reference_url":"https://github.com/advisories/GHSA-3j93-7rf7-p7m6","reference_id":"GHSA-3j93-7rf7-p7m6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3j93-7rf7-p7m6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/36275?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12"}],"aliases":["CVE-2023-1758","GHSA-3j93-7rf7-p7m6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bfsb-58cj-mfaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148601?format=json","vulnerability_id":"VCID-btr7-sehp-zbac","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0312","reference_id":"","reference_type":"","scores":[{"value":"0.00674","scoring_system":"epss","scoring_elements":"0.71926","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00674","scoring_system":"epss","scoring_elements":"0.7202","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00674","scoring_system":"epss","scoring_elements":"0.7201","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00674","scoring_system":"epss","scoring_elements":"0.72023","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0312"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0312","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0312"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/65d419ca04111ee2612ae81cdd59753654cfe18a","reference_id":"65d419ca04111ee2612ae81cdd59753654cfe18a","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:16:33Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/65d419ca04111ee2612ae81cdd59753654cfe18a"},{"reference_url":"https://huntr.dev/bounties/f50ec8d1-cd60-4c2d-9ab8-3711870d83b9","reference_id":"f50ec8d1-cd60-4c2d-9ab8-3711870d83b9","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:16:33Z/"}],"url":"https://huntr.dev/bounties/f50ec8d1-cd60-4c2d-9ab8-3711870d83b9"},{"reference_url":"https://github.com/advisories/GHSA-6449-vf6p-9hfp","reference_id":"GHSA-6449-vf6p-9hfp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6449-vf6p-9hfp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379949?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-1rpy-1jkw-w3fx"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-4ej8-n833-fuf4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8fkr-xfw6-ffcj"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8tff-qn8m-r3hc"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ajev-ydxv-nbd5"},{"vulnerability":"VCID-aku3-vveb-gugg"},{"vulnerability":"VCID-ax4d-t793-8bas"},{"vulnerability":"VCID-b214-zgc8-4qdh"},{"vulnerability":"VCID-b4yy-mtkz-hybq"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-bfsb-58cj-mfaa"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cjzd-5q9t-nfek"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-e6u1-1y99-5khx"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-gj1u-m1qq-1qb1"},{"vulnerability":"VCID-gnxm-rq5g-g3d9"},{"vulnerability":"VCID-gvt4-1vk8-8fbx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-hygm-7h9w-x7cs"},{"vulnerability":"VCID-jq9j-su28-xken"},{"vulnerability":"VCID-kfmg-41jk-qfh6"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qb4k-vsfg-wycb"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-qpnp-kehq-f7gm"},{"vulnerability":"VCID-qrn1-cpad-puht"},{"vulnerability":"VCID-r24s-k7p3-f7e4"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrh1-efbq-tugt"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-spjh-4tvh-gyca"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-tq9d-mguz-8bhp"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-ty89-v3b2-7yf7"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yh2p-b5px-b7hz"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zaaf-n1z8-v7b3"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"},{"vulnerability":"VCID-zwsu-pwxb-u3h5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.10"}],"aliases":["CVE-2023-0312","GHSA-6449-vf6p-9hfp"],"risk_score":3.9,"exploitability":"0.5","weighted_severity":"7.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-btr7-sehp-zbac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/151162?format=json","vulnerability_id":"VCID-c229-su7g-v3dg","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2550","reference_id":"","reference_type":"","scores":[{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45971","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.46109","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.46116","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.46123","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2550"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2550","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2550"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/20ac51594db11604a4518aacc28a51f67d4f11bf","reference_id":"20ac51594db11604a4518aacc28a51f67d4f11bf","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L"},{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T17:14:20Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/20ac51594db11604a4518aacc28a51f67d4f11bf"},{"reference_url":"https://huntr.dev/bounties/840c8d91-c97e-4116-a9f8-4ab1a38d239b","reference_id":"840c8d91-c97e-4116-a9f8-4ab1a38d239b","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L"},{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-29T17:14:20Z/"}],"url":"https://huntr.dev/bounties/840c8d91-c97e-4116-a9f8-4ab1a38d239b"},{"reference_url":"https://github.com/advisories/GHSA-5mf7-p346-7rm8","reference_id":"GHSA-5mf7-p346-7rm8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5mf7-p346-7rm8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379352?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.13"}],"aliases":["CVE-2023-2550","GHSA-5mf7-p346-7rm8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c229-su7g-v3dg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/144899?format=json","vulnerability_id":"VCID-cjzd-5q9t-nfek","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1760","reference_id":"","reference_type":"","scores":[{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.5517","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.55167","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.55183","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.55045","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1760"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1760","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1760"},{"reference_url":"https://huntr.dev/bounties/2d0ac48a-490d-4548-8d98-7447042dd1b5","reference_id":"2d0ac48a-490d-4548-8d98-7447042dd1b5","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-11T18:44:48Z/"}],"url":"https://huntr.dev/bounties/2d0ac48a-490d-4548-8d98-7447042dd1b5"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/56295b54062a284020fccce12a5044f9fa7d2770","reference_id":"56295b54062a284020fccce12a5044f9fa7d2770","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-11T18:44:48Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/56295b54062a284020fccce12a5044f9fa7d2770"},{"reference_url":"https://github.com/advisories/GHSA-7q9c-f2v8-j8gw","reference_id":"GHSA-7q9c-f2v8-j8gw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7q9c-f2v8-j8gw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/36275?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12"}],"aliases":["CVE-2023-1760","GHSA-7q9c-f2v8-j8gw"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cjzd-5q9t-nfek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/138201?format=json","vulnerability_id":"VCID-cnr9-cykp-bbaw","summary":"phpMyFAQ 3.1.12 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into their profile names. Attackers can modify their user profile name with a payload like 'calc|a!z|' to trigger code execution when an administrator exports user data as a CSV file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-53929","reference_id":"","reference_type":"","scores":[{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22218","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.2224","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22228","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22038","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-53929"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://www.phpmyfaq.de","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.phpmyfaq.de"},{"reference_url":"https://www.exploit-db.com/exploits/51399","reference_id":"51399","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:48:03Z/"}],"url":"https://www.exploit-db.com/exploits/51399"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53929","reference_id":"CVE-2023-53929","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53929"},{"reference_url":"https://github.com/advisories/GHSA-x2v3-9p22-w3x6","reference_id":"GHSA-x2v3-9p22-w3x6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x2v3-9p22-w3x6"},{"reference_url":"https://www.vulncheck.com/advisories/phpmyfaq-csv-injection-via-user-profile-export","reference_id":"phpmyfaq-csv-injection-via-user-profile-export","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:48:03Z/"}],"url":"https://www.vulncheck.com/advisories/phpmyfaq-csv-injection-via-user-profile-export"},{"reference_url":"https://www.phpmyfaq.de/","reference_id":"www.phpmyfaq.de","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:48:03Z/"}],"url":"https://www.phpmyfaq.de/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379352?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.13"}],"aliases":["CVE-2023-53929","GHSA-x2v3-9p22-w3x6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cnr9-cykp-bbaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148162?format=json","vulnerability_id":"VCID-dc77-t7y6-z3ab","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0309","reference_id":"","reference_type":"","scores":[{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.481","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.48099","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.48115","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47959","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0309"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0309","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0309"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/376d1d3e5a42edf07260e98461d2fddbee74419b","reference_id":"376d1d3e5a42edf07260e98461d2fddbee74419b","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:22:09Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/376d1d3e5a42edf07260e98461d2fddbee74419b"},{"reference_url":"https://huntr.dev/bounties/c03c5925-43ff-450d-9827-2b65a3307ed6","reference_id":"c03c5925-43ff-450d-9827-2b65a3307ed6","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:22:09Z/"}],"url":"https://huntr.dev/bounties/c03c5925-43ff-450d-9827-2b65a3307ed6"},{"reference_url":"https://github.com/advisories/GHSA-25c3-7fvj-v45j","reference_id":"GHSA-25c3-7fvj-v45j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-25c3-7fvj-v45j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379949?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-1rpy-1jkw-w3fx"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-4ej8-n833-fuf4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8fkr-xfw6-ffcj"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8tff-qn8m-r3hc"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ajev-ydxv-nbd5"},{"vulnerability":"VCID-aku3-vveb-gugg"},{"vulnerability":"VCID-ax4d-t793-8bas"},{"vulnerability":"VCID-b214-zgc8-4qdh"},{"vulnerability":"VCID-b4yy-mtkz-hybq"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-bfsb-58cj-mfaa"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cjzd-5q9t-nfek"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-e6u1-1y99-5khx"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-gj1u-m1qq-1qb1"},{"vulnerability":"VCID-gnxm-rq5g-g3d9"},{"vulnerability":"VCID-gvt4-1vk8-8fbx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-hygm-7h9w-x7cs"},{"vulnerability":"VCID-jq9j-su28-xken"},{"vulnerability":"VCID-kfmg-41jk-qfh6"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qb4k-vsfg-wycb"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-qpnp-kehq-f7gm"},{"vulnerability":"VCID-qrn1-cpad-puht"},{"vulnerability":"VCID-r24s-k7p3-f7e4"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrh1-efbq-tugt"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-spjh-4tvh-gyca"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-tq9d-mguz-8bhp"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-ty89-v3b2-7yf7"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yh2p-b5px-b7hz"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zaaf-n1z8-v7b3"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"},{"vulnerability":"VCID-zwsu-pwxb-u3h5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.10"}],"aliases":["CVE-2023-0309","GHSA-25c3-7fvj-v45j"],"risk_score":3.9,"exploitability":"0.5","weighted_severity":"7.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dc77-t7y6-z3ab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/175149?format=json","vulnerability_id":"VCID-e3h4-tm9q-dufz","summary":"Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3754","reference_id":"","reference_type":"","scores":[{"value":"0.00921","scoring_system":"epss","scoring_elements":"0.76511","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00921","scoring_system":"epss","scoring_elements":"0.76506","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00921","scoring_system":"epss","scoring_elements":"0.76427","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00921","scoring_system":"epss","scoring_elements":"0.76497","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3754"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3754","reference_id":"CVE-2022-3754","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3754"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea","reference_id":"d7a87d2646287828c70401ca8976ef531fbc77ea","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T19:12:28Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea"},{"reference_url":"https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47","reference_id":"f4711d7f-1368-48ab-9bef-45f32e356c47","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T19:12:28Z/"}],"url":"https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47"},{"reference_url":"https://github.com/advisories/GHSA-2rr3-rv49-p42f","reference_id":"GHSA-2rr3-rv49-p42f","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2rr3-rv49-p42f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27673?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-1rpy-1jkw-w3fx"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-4ej8-n833-fuf4"},{"vulnerability":"VCID-569v-kyhm-6bd7"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8fkr-xfw6-ffcj"},{"vulnerability":"VCID-8hxw-rvte-33a1"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8tff-qn8m-r3hc"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ajev-ydxv-nbd5"},{"vulnerability":"VCID-aku3-vveb-gugg"},{"vulnerability":"VCID-ax4d-t793-8bas"},{"vulnerability":"VCID-b214-zgc8-4qdh"},{"vulnerability":"VCID-b4yy-mtkz-hybq"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-bfsb-58cj-mfaa"},{"vulnerability":"VCID-btr7-sehp-zbac"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cjzd-5q9t-nfek"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-dc77-t7y6-z3ab"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-e6u1-1y99-5khx"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-fnfe-xws9-8bgg"},{"vulnerability":"VCID-gj1u-m1qq-1qb1"},{"vulnerability":"VCID-gnxm-rq5g-g3d9"},{"vulnerability":"VCID-gsjf-hmab-ruew"},{"vulnerability":"VCID-gvt4-1vk8-8fbx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-hygm-7h9w-x7cs"},{"vulnerability":"VCID-jq9j-su28-xken"},{"vulnerability":"VCID-kfmg-41jk-qfh6"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-m9y5-g412-zbeh"},{"vulnerability":"VCID-mt7j-r561-tubz"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qb4k-vsfg-wycb"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-qpnp-kehq-f7gm"},{"vulnerability":"VCID-qrn1-cpad-puht"},{"vulnerability":"VCID-r24s-k7p3-f7e4"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrh1-efbq-tugt"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-spjh-4tvh-gyca"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-tq9d-mguz-8bhp"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-ty89-v3b2-7yf7"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-v4hc-w2g2-63f5"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-x4fs-3h7u-4bbe"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-ygjv-jn67-p3h9"},{"vulnerability":"VCID-yh2p-b5px-b7hz"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zaaf-n1z8-v7b3"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"},{"vulnerability":"VCID-ztw9-5sne-p3e9"},{"vulnerability":"VCID-zwsu-pwxb-u3h5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.8"}],"aliases":["CVE-2022-3754","GHSA-2rr3-rv49-p42f"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e3h4-tm9q-dufz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/133764?format=json","vulnerability_id":"VCID-e4ep-gxfy-jbah","summary":"Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5866","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.08249","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0828","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.08286","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.08282","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5866"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5866","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5866"},{"reference_url":"https://huntr.com/bounties/ec44bcba-ae7f-497a-851e-8165ecf56945","reference_id":"ec44bcba-ae7f-497a-851e-8165ecf56945","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T19:56:51Z/"}],"url":"https://huntr.com/bounties/ec44bcba-ae7f-497a-851e-8165ecf56945"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/fdacff14acd5e69841068f0e32b59e2d1b1d0d55","reference_id":"fdacff14acd5e69841068f0e32b59e2d1b1d0d55","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T19:56:51Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/fdacff14acd5e69841068f0e32b59e2d1b1d0d55"},{"reference_url":"https://github.com/advisories/GHSA-34w4-wrqp-j47g","reference_id":"GHSA-34w4-wrqp-j47g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-34w4-wrqp-j47g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379166?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.1"}],"aliases":["CVE-2023-5866","GHSA-34w4-wrqp-j47g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e4ep-gxfy-jbah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148562?format=json","vulnerability_id":"VCID-e6u1-1y99-5khx","summary":"Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0789","reference_id":"","reference_type":"","scores":[{"value":"0.07757","scoring_system":"epss","scoring_elements":"0.92164","published_at":"2026-06-14T12:55:00Z"},{"value":"0.07757","scoring_system":"epss","scoring_elements":"0.9216","published_at":"2026-06-12T12:55:00Z"},{"value":"0.07757","scoring_system":"epss","scoring_elements":"0.92166","published_at":"2026-06-13T12:55:00Z"},{"value":"0.07757","scoring_system":"epss","scoring_elements":"0.92133","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0789"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://huntr.com/bounties/d9375178-2f23-4f5d-88bd-bba3d6ba7cc5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.com/bounties/d9375178-2f23-4f5d-88bd-bba3d6ba7cc5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0789","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0789"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/40515c74815ace394ab23c6c19cbb33fd49059cb","reference_id":"40515c74815ace394ab23c6c19cbb33fd49059cb","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-21T18:50:05Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/40515c74815ace394ab23c6c19cbb33fd49059cb"},{"reference_url":"https://huntr.dev/bounties/d9375178-2f23-4f5d-88bd-bba3d6ba7cc5","reference_id":"d9375178-2f23-4f5d-88bd-bba3d6ba7cc5","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-21T18:50:05Z/"}],"url":"https://huntr.dev/bounties/d9375178-2f23-4f5d-88bd-bba3d6ba7cc5"},{"reference_url":"https://github.com/advisories/GHSA-6vp5-vv9p-7q62","reference_id":"GHSA-6vp5-vv9p-7q62","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6vp5-vv9p-7q62"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380407?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-4ej8-n833-fuf4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8fkr-xfw6-ffcj"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8tff-qn8m-r3hc"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ajev-ydxv-nbd5"},{"vulnerability":"VCID-aku3-vveb-gugg"},{"vulnerability":"VCID-b214-zgc8-4qdh"},{"vulnerability":"VCID-b4yy-mtkz-hybq"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-bfsb-58cj-mfaa"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cjzd-5q9t-nfek"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-gj1u-m1qq-1qb1"},{"vulnerability":"VCID-gnxm-rq5g-g3d9"},{"vulnerability":"VCID-gvt4-1vk8-8fbx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-hygm-7h9w-x7cs"},{"vulnerability":"VCID-kfmg-41jk-qfh6"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-qpnp-kehq-f7gm"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrh1-efbq-tugt"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-spjh-4tvh-gyca"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-tq9d-mguz-8bhp"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yh2p-b5px-b7hz"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.11"}],"aliases":["CVE-2023-0789","GHSA-6vp5-vv9p-7q62"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e6u1-1y99-5khx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68143?format=json","vulnerability_id":"VCID-ecpv-3xqn-eqf8","summary":"phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities() that limits recursive entity decoding to 5 iterations, allowing attackers to bypass sanitization. Authenticated users with FAQ_EDIT permission can upload malicious SVG files with deeply nested ampersand encoding around numeric HTML entities to reconstruct javascript: URLs, which execute arbitrary JavaScript when clicked by other users viewing the uploaded SVG.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46360","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08945","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08939","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08949","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08901","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46360"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46360","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46360"},{"reference_url":"https://github.com/advisories/GHSA-whqh-9pq5-c7r3","reference_id":"GHSA-whqh-9pq5-c7r3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-whqh-9pq5-c7r3"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-whqh-9pq5-c7r3","reference_id":"GHSA-whqh-9pq5-c7r3","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:15:56Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-whqh-9pq5-c7r3"},{"reference_url":"https://www.vulncheck.com/advisories/phpmyfaq-stored-xss-via-entity-decoding-depth-limit-bypass-in-svg-sanitizer","reference_id":"phpmyfaq-stored-xss-via-entity-decoding-depth-limit-bypass-in-svg-sanitizer","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:15:56Z/"}],"url":"https://www.vulncheck.com/advisories/phpmyfaq-stored-xss-via-entity-decoding-depth-limit-bypass-in-svg-sanitizer"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40863?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2"}],"aliases":["CVE-2026-46360","GHSA-whqh-9pq5-c7r3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ecpv-3xqn-eqf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80126?format=json","vulnerability_id":"VCID-emzq-e5ru-w3cx","summary":"phpMyFAQ is an open source FAQ web application. Prior to version 4.0.18, the WebAuthn prepare endpoint (`/api/webauthn/prepare`) creates new active user accounts without any authentication, CSRF protection, captcha, or configuration checks. This allows unauthenticated attackers to create unlimited user accounts even when registration is disabled. Version 4.0.18 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27836","reference_id":"","reference_type":"","scores":[{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19686","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19689","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19515","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.1971","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27836"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27836","reference_id":"CVE-2026-27836","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27836"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/commit/f2ab673f0668753cd0f7c7c8bc7fd2304dcf5cb1","reference_id":"f2ab673f0668753cd0f7c7c8bc7fd2304dcf5cb1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-03T20:24:53Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/commit/f2ab673f0668753cd0f7c7c8bc7fd2304dcf5cb1"},{"reference_url":"https://github.com/advisories/GHSA-w22q-m2fm-x9f4","reference_id":"GHSA-w22q-m2fm-x9f4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w22q-m2fm-x9f4"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-w22q-m2fm-x9f4","reference_id":"GHSA-w22q-m2fm-x9f4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-03T20:24:53Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-w22q-m2fm-x9f4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39980?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.0.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.18"},{"url":"http://public2.vulnerablecode.io/api/packages/931970?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.0-RC","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.0-RC"}],"aliases":["CVE-2026-27836","GHSA-w22q-m2fm-x9f4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-emzq-e5ru-w3cx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148289?format=json","vulnerability_id":"VCID-fnfe-xws9-8bgg","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0310","reference_id":"","reference_type":"","scores":[{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55301","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55298","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55314","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55177","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0310"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0310","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0310"},{"reference_url":"https://huntr.dev/bounties/051d5e20-7fab-4769-bd7d-d986b804bb5a","reference_id":"051d5e20-7fab-4769-bd7d-d986b804bb5a","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:20:16Z/"}],"url":"https://huntr.dev/bounties/051d5e20-7fab-4769-bd7d-d986b804bb5a"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/53099a9bcc928f5f6f7cce111c04b79a72a04142","reference_id":"53099a9bcc928f5f6f7cce111c04b79a72a04142","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:20:16Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/53099a9bcc928f5f6f7cce111c04b79a72a04142"},{"reference_url":"https://github.com/advisories/GHSA-9jff-8xmm-mw22","reference_id":"GHSA-9jff-8xmm-mw22","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9jff-8xmm-mw22"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379949?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-1rpy-1jkw-w3fx"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-4ej8-n833-fuf4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8fkr-xfw6-ffcj"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8tff-qn8m-r3hc"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ajev-ydxv-nbd5"},{"vulnerability":"VCID-aku3-vveb-gugg"},{"vulnerability":"VCID-ax4d-t793-8bas"},{"vulnerability":"VCID-b214-zgc8-4qdh"},{"vulnerability":"VCID-b4yy-mtkz-hybq"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-bfsb-58cj-mfaa"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cjzd-5q9t-nfek"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-e6u1-1y99-5khx"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-gj1u-m1qq-1qb1"},{"vulnerability":"VCID-gnxm-rq5g-g3d9"},{"vulnerability":"VCID-gvt4-1vk8-8fbx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-hygm-7h9w-x7cs"},{"vulnerability":"VCID-jq9j-su28-xken"},{"vulnerability":"VCID-kfmg-41jk-qfh6"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qb4k-vsfg-wycb"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-qpnp-kehq-f7gm"},{"vulnerability":"VCID-qrn1-cpad-puht"},{"vulnerability":"VCID-r24s-k7p3-f7e4"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrh1-efbq-tugt"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-spjh-4tvh-gyca"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-tq9d-mguz-8bhp"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-ty89-v3b2-7yf7"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yh2p-b5px-b7hz"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zaaf-n1z8-v7b3"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"},{"vulnerability":"VCID-zwsu-pwxb-u3h5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.10"}],"aliases":["CVE-2023-0310","GHSA-9jff-8xmm-mw22"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fnfe-xws9-8bgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/144353?format=json","vulnerability_id":"VCID-gj1u-m1qq-1qb1","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1885","reference_id":"","reference_type":"","scores":[{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.4241","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42399","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42388","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42223","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1885"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1885","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1885"},{"reference_url":"https://huntr.dev/bounties/bce84c02-abb2-474f-a67b-1468c9dcabb8","reference_id":"bce84c02-abb2-474f-a67b-1468c9dcabb8","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:47:30Z/"}],"url":"https://huntr.dev/bounties/bce84c02-abb2-474f-a67b-1468c9dcabb8"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/fecc803ab9c3e82718c4bcea7fe919d7a22ec024","reference_id":"fecc803ab9c3e82718c4bcea7fe919d7a22ec024","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:47:30Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/fecc803ab9c3e82718c4bcea7fe919d7a22ec024"},{"reference_url":"https://github.com/advisories/GHSA-xxm6-ff3x-v4vm","reference_id":"GHSA-xxm6-ff3x-v4vm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xxm6-ff3x-v4vm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/36275?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12"}],"aliases":["CVE-2023-1885","GHSA-xxm6-ff3x-v4vm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gj1u-m1qq-1qb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/144330?format=json","vulnerability_id":"VCID-gnxm-rq5g-g3d9","summary":"Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1887","reference_id":"","reference_type":"","scores":[{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.5409","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.54221","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.54216","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.54233","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1887"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1887","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1887"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/400d9cd988d3287515c56b2ad6343026966f1a89","reference_id":"400d9cd988d3287515c56b2ad6343026966f1a89","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H"},{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:46:37Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/400d9cd988d3287515c56b2ad6343026966f1a89"},{"reference_url":"https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1","reference_id":"e4a58835-96b5-412c-a17e-3ceed30231e1","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H"},{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:46:37Z/"}],"url":"https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1"},{"reference_url":"https://github.com/advisories/GHSA-gx43-fqrx-6fcw","reference_id":"GHSA-gx43-fqrx-6fcw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gx43-fqrx-6fcw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/36275?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12"}],"aliases":["CVE-2023-1887","GHSA-gx43-fqrx-6fcw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gnxm-rq5g-g3d9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148120?format=json","vulnerability_id":"VCID-gsjf-hmab-ruew","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0308","reference_id":"","reference_type":"","scores":[{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47959","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.481","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.48099","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.48115","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0308"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0308","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0308"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/810ee26d25c3d97664532861863099952f0e9a1f","reference_id":"810ee26d25c3d97664532861863099952f0e9a1f","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:23:14Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/810ee26d25c3d97664532861863099952f0e9a1f"},{"reference_url":"https://huntr.dev/bounties/83cfed62-af8b-4aaa-94f2-5a33dc0c2d69","reference_id":"83cfed62-af8b-4aaa-94f2-5a33dc0c2d69","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:23:14Z/"}],"url":"https://huntr.dev/bounties/83cfed62-af8b-4aaa-94f2-5a33dc0c2d69"},{"reference_url":"https://github.com/advisories/GHSA-w475-749h-c77m","reference_id":"GHSA-w475-749h-c77m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w475-749h-c77m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379949?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-1rpy-1jkw-w3fx"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-4ej8-n833-fuf4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8fkr-xfw6-ffcj"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8tff-qn8m-r3hc"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ajev-ydxv-nbd5"},{"vulnerability":"VCID-aku3-vveb-gugg"},{"vulnerability":"VCID-ax4d-t793-8bas"},{"vulnerability":"VCID-b214-zgc8-4qdh"},{"vulnerability":"VCID-b4yy-mtkz-hybq"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-bfsb-58cj-mfaa"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cjzd-5q9t-nfek"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-e6u1-1y99-5khx"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-gj1u-m1qq-1qb1"},{"vulnerability":"VCID-gnxm-rq5g-g3d9"},{"vulnerability":"VCID-gvt4-1vk8-8fbx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-hygm-7h9w-x7cs"},{"vulnerability":"VCID-jq9j-su28-xken"},{"vulnerability":"VCID-kfmg-41jk-qfh6"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qb4k-vsfg-wycb"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-qpnp-kehq-f7gm"},{"vulnerability":"VCID-qrn1-cpad-puht"},{"vulnerability":"VCID-r24s-k7p3-f7e4"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrh1-efbq-tugt"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-spjh-4tvh-gyca"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-tq9d-mguz-8bhp"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-ty89-v3b2-7yf7"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yh2p-b5px-b7hz"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zaaf-n1z8-v7b3"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"},{"vulnerability":"VCID-zwsu-pwxb-u3h5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.10"}],"aliases":["CVE-2023-0308","GHSA-w475-749h-c77m"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gsjf-hmab-ruew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/144642?format=json","vulnerability_id":"VCID-gvt4-1vk8-8fbx","summary":"Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1883","reference_id":"","reference_type":"","scores":[{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60967","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.61079","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.61073","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.61081","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1883"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1883","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1883"},{"reference_url":"https://huntr.dev/bounties/2f1e417d-cf64-4cfb-954b-3a9cb2f38191","reference_id":"2f1e417d-cf64-4cfb-954b-3a9cb2f38191","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:04Z/"}],"url":"https://huntr.dev/bounties/2f1e417d-cf64-4cfb-954b-3a9cb2f38191"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/db77df888178766987398597d4f153831c62a503","reference_id":"db77df888178766987398597d4f153831c62a503","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:49:04Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/db77df888178766987398597d4f153831c62a503"},{"reference_url":"https://github.com/advisories/GHSA-2wjp-w7g7-h63q","reference_id":"GHSA-2wjp-w7g7-h63q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2wjp-w7g7-h63q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/36275?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12"}],"aliases":["CVE-2023-1883","GHSA-2wjp-w7g7-h63q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gvt4-1vk8-8fbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/151851?format=json","vulnerability_id":"VCID-h2wj-7wb2-x3hz","summary":"Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3469","reference_id":"","reference_type":"","scores":[{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.39935","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40116","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40104","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.40127","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3469"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3469","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3469"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/04a0183c25dd425f4c2bfb5f75b7650b932ae278","reference_id":"04a0183c25dd425f4c2bfb5f75b7650b932ae278","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N"},{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-12T15:03:49Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/04a0183c25dd425f4c2bfb5f75b7650b932ae278"},{"reference_url":"https://huntr.dev/bounties/3565cfc9-82c4-4db8-9b8f-494dd81b56ca","reference_id":"3565cfc9-82c4-4db8-9b8f-494dd81b56ca","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N"},{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-12T15:03:49Z/"}],"url":"https://huntr.dev/bounties/3565cfc9-82c4-4db8-9b8f-494dd81b56ca"},{"reference_url":"https://github.com/advisories/GHSA-v6g2-jwrm-h5r5","reference_id":"GHSA-v6g2-jwrm-h5r5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v6g2-jwrm-h5r5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381806?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.2.0-beta.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.0-beta.2"}],"aliases":["CVE-2023-3469","GHSA-v6g2-jwrm-h5r5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h2wj-7wb2-x3hz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/175117?format=json","vulnerability_id":"VCID-h499-pfbv-t7hr","summary":"Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3766","reference_id":"","reference_type":"","scores":[{"value":"0.2358","scoring_system":"epss","scoring_elements":"0.96118","published_at":"2026-06-13T12:55:00Z"},{"value":"0.2358","scoring_system":"epss","scoring_elements":"0.9612","published_at":"2026-06-14T12:55:00Z"},{"value":"0.2358","scoring_system":"epss","scoring_elements":"0.96117","published_at":"2026-06-12T12:55:00Z"},{"value":"0.2358","scoring_system":"epss","scoring_elements":"0.96106","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3766"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/c7904f2236c6c0dd64c2226b90c30af0f7e5a72d","reference_id":"c7904f2236c6c0dd64c2226b90c30af0f7e5a72d","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-05T14:09:19Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/c7904f2236c6c0dd64c2226b90c30af0f7e5a72d"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52445.txt","reference_id":"CVE-2022-3766","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52445.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3766","reference_id":"CVE-2022-3766","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3766"},{"reference_url":"https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-3766.md","reference_id":"CVE-2022-3766.MD","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-3766.md"},{"reference_url":"https://huntr.dev/bounties/d9666520-4ff5-43bb-aacf-50c8e5570983","reference_id":"d9666520-4ff5-43bb-aacf-50c8e5570983","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-05T14:09:19Z/"}],"url":"https://huntr.dev/bounties/d9666520-4ff5-43bb-aacf-50c8e5570983"},{"reference_url":"https://github.com/advisories/GHSA-mg5h-rhjq-6v84","reference_id":"GHSA-mg5h-rhjq-6v84","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mg5h-rhjq-6v84"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27673?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-1rpy-1jkw-w3fx"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-4ej8-n833-fuf4"},{"vulnerability":"VCID-569v-kyhm-6bd7"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8fkr-xfw6-ffcj"},{"vulnerability":"VCID-8hxw-rvte-33a1"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8tff-qn8m-r3hc"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ajev-ydxv-nbd5"},{"vulnerability":"VCID-aku3-vveb-gugg"},{"vulnerability":"VCID-ax4d-t793-8bas"},{"vulnerability":"VCID-b214-zgc8-4qdh"},{"vulnerability":"VCID-b4yy-mtkz-hybq"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-bfsb-58cj-mfaa"},{"vulnerability":"VCID-btr7-sehp-zbac"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cjzd-5q9t-nfek"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-dc77-t7y6-z3ab"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-e6u1-1y99-5khx"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-fnfe-xws9-8bgg"},{"vulnerability":"VCID-gj1u-m1qq-1qb1"},{"vulnerability":"VCID-gnxm-rq5g-g3d9"},{"vulnerability":"VCID-gsjf-hmab-ruew"},{"vulnerability":"VCID-gvt4-1vk8-8fbx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-hygm-7h9w-x7cs"},{"vulnerability":"VCID-jq9j-su28-xken"},{"vulnerability":"VCID-kfmg-41jk-qfh6"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-m9y5-g412-zbeh"},{"vulnerability":"VCID-mt7j-r561-tubz"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qb4k-vsfg-wycb"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-qpnp-kehq-f7gm"},{"vulnerability":"VCID-qrn1-cpad-puht"},{"vulnerability":"VCID-r24s-k7p3-f7e4"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrh1-efbq-tugt"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-spjh-4tvh-gyca"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-tq9d-mguz-8bhp"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-ty89-v3b2-7yf7"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-v4hc-w2g2-63f5"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-x4fs-3h7u-4bbe"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-ygjv-jn67-p3h9"},{"vulnerability":"VCID-yh2p-b5px-b7hz"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zaaf-n1z8-v7b3"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"},{"vulnerability":"VCID-ztw9-5sne-p3e9"},{"vulnerability":"VCID-zwsu-pwxb-u3h5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.8"}],"aliases":["CVE-2022-3766","GHSA-mg5h-rhjq-6v84"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h499-pfbv-t7hr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/144314?format=json","vulnerability_id":"VCID-hygm-7h9w-x7cs","summary":"Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1762","reference_id":"","reference_type":"","scores":[{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58579","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58695","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58691","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58706","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1762"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1762","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1762"},{"reference_url":"https://huntr.dev/bounties/3c2374cc-7082-44b7-a6a6-ccff7a650a3a","reference_id":"3c2374cc-7082-44b7-a6a6-ccff7a650a3a","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-12T16:00:40Z/"}],"url":"https://huntr.dev/bounties/3c2374cc-7082-44b7-a6a6-ccff7a650a3a"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/ae6c1d8c3eab05d6e2227c7a9998707f4f891514","reference_id":"ae6c1d8c3eab05d6e2227c7a9998707f4f891514","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-12T16:00:40Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/ae6c1d8c3eab05d6e2227c7a9998707f4f891514"},{"reference_url":"https://github.com/advisories/GHSA-xww4-w6ff-5q3g","reference_id":"GHSA-xww4-w6ff-5q3g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xww4-w6ff-5q3g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/36275?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12"}],"aliases":["CVE-2023-1762","GHSA-xww4-w6ff-5q3g"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hygm-7h9w-x7cs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148474?format=json","vulnerability_id":"VCID-jq9j-su28-xken","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0791","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.563","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56298","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56312","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.56178","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0791"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://huntr.com/bounties/7152b340-c6f3-4ac8-9f62-f764a267488d","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.com/bounties/7152b340-c6f3-4ac8-9f62-f764a267488d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0791","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0791"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/26663efcb0b67e421e4ecccad8f19e7106bb03ce","reference_id":"26663efcb0b67e421e4ecccad8f19e7106bb03ce","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-21T18:48:30Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/26663efcb0b67e421e4ecccad8f19e7106bb03ce"},{"reference_url":"https://huntr.dev/bounties/7152b340-c6f3-4ac8-9f62-f764a267488d","reference_id":"7152b340-c6f3-4ac8-9f62-f764a267488d","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-21T18:48:30Z/"}],"url":"https://huntr.dev/bounties/7152b340-c6f3-4ac8-9f62-f764a267488d"},{"reference_url":"https://github.com/advisories/GHSA-c38p-vw6j-qjpr","reference_id":"GHSA-c38p-vw6j-qjpr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c38p-vw6j-qjpr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380407?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-4ej8-n833-fuf4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8fkr-xfw6-ffcj"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8tff-qn8m-r3hc"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ajev-ydxv-nbd5"},{"vulnerability":"VCID-aku3-vveb-gugg"},{"vulnerability":"VCID-b214-zgc8-4qdh"},{"vulnerability":"VCID-b4yy-mtkz-hybq"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-bfsb-58cj-mfaa"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cjzd-5q9t-nfek"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-gj1u-m1qq-1qb1"},{"vulnerability":"VCID-gnxm-rq5g-g3d9"},{"vulnerability":"VCID-gvt4-1vk8-8fbx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-hygm-7h9w-x7cs"},{"vulnerability":"VCID-kfmg-41jk-qfh6"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-qpnp-kehq-f7gm"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrh1-efbq-tugt"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-spjh-4tvh-gyca"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-tq9d-mguz-8bhp"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yh2p-b5px-b7hz"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.11"}],"aliases":["CVE-2023-0791","GHSA-c38p-vw6j-qjpr"],"risk_score":3.8,"exploitability":"0.5","weighted_severity":"7.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jq9j-su28-xken"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/144470?format=json","vulnerability_id":"VCID-kfmg-41jk-qfh6","summary":"Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1755","reference_id":"","reference_type":"","scores":[{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63486","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63478","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.6349","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63376","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1755"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1755","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1755"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/2156573100fd3abf4c65270def77aed20ffc8994","reference_id":"2156573100fd3abf4c65270def77aed20ffc8994","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-11T18:59:13Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/2156573100fd3abf4c65270def77aed20ffc8994"},{"reference_url":"https://huntr.dev/bounties/882ffa07-5397-4dbb-886f-4626859d711a","reference_id":"882ffa07-5397-4dbb-886f-4626859d711a","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-11T18:59:13Z/"}],"url":"https://huntr.dev/bounties/882ffa07-5397-4dbb-886f-4626859d711a"},{"reference_url":"https://github.com/advisories/GHSA-hp8m-g55r-9cfq","reference_id":"GHSA-hp8m-g55r-9cfq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hp8m-g55r-9cfq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/36275?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12"}],"aliases":["CVE-2023-1755","GHSA-hp8m-g55r-9cfq"],"risk_score":3.8,"exploitability":"0.5","weighted_severity":"7.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kfmg-41jk-qfh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/358507?format=json","vulnerability_id":"VCID-kppj-ng9a-9fhs","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6889","reference_id":"","reference_type":"","scores":[{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29793","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29991","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30007","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.2999","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6889"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/1037a8f012e0d9ec4bf4c8107972f6695e381392","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq/commit/1037a8f012e0d9ec4bf4c8107972f6695e381392"},{"reference_url":"https://huntr.com/bounties/52897778-fad7-4169-bf04-a68a0646df0c","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.com/bounties/52897778-fad7-4169-bf04-a68a0646df0c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6889","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6889"},{"reference_url":"https://github.com/advisories/GHSA-w8xj-992g-842f","reference_id":"GHSA-w8xj-992g-842f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w8xj-992g-842f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380139?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.17"}],"aliases":["CVE-2023-6889","GHSA-w8xj-992g-842f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kppj-ng9a-9fhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148034?format=json","vulnerability_id":"VCID-m9y5-g412-zbeh","summary":"Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0307","reference_id":"","reference_type":"","scores":[{"value":"0.00796","scoring_system":"epss","scoring_elements":"0.74496","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00796","scoring_system":"epss","scoring_elements":"0.74507","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00796","scoring_system":"epss","scoring_elements":"0.74423","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00796","scoring_system":"epss","scoring_elements":"0.7451","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0307"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0307","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0307"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/8beed2fca5b0b82c6ba866d0ffd286d0c1fbf596","reference_id":"8beed2fca5b0b82c6ba866d0ffd286d0c1fbf596","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:25:12Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/8beed2fca5b0b82c6ba866d0ffd286d0c1fbf596"},{"reference_url":"https://huntr.dev/bounties/fac01e9f-e3e5-4985-94ad-59a76485f215","reference_id":"fac01e9f-e3e5-4985-94ad-59a76485f215","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:25:12Z/"}],"url":"https://huntr.dev/bounties/fac01e9f-e3e5-4985-94ad-59a76485f215"},{"reference_url":"https://github.com/advisories/GHSA-4p88-cfhq-f3vg","reference_id":"GHSA-4p88-cfhq-f3vg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4p88-cfhq-f3vg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379949?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-1rpy-1jkw-w3fx"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-4ej8-n833-fuf4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8fkr-xfw6-ffcj"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8tff-qn8m-r3hc"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ajev-ydxv-nbd5"},{"vulnerability":"VCID-aku3-vveb-gugg"},{"vulnerability":"VCID-ax4d-t793-8bas"},{"vulnerability":"VCID-b214-zgc8-4qdh"},{"vulnerability":"VCID-b4yy-mtkz-hybq"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-bfsb-58cj-mfaa"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cjzd-5q9t-nfek"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-e6u1-1y99-5khx"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-gj1u-m1qq-1qb1"},{"vulnerability":"VCID-gnxm-rq5g-g3d9"},{"vulnerability":"VCID-gvt4-1vk8-8fbx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-hygm-7h9w-x7cs"},{"vulnerability":"VCID-jq9j-su28-xken"},{"vulnerability":"VCID-kfmg-41jk-qfh6"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qb4k-vsfg-wycb"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-qpnp-kehq-f7gm"},{"vulnerability":"VCID-qrn1-cpad-puht"},{"vulnerability":"VCID-r24s-k7p3-f7e4"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrh1-efbq-tugt"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-spjh-4tvh-gyca"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-tq9d-mguz-8bhp"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-ty89-v3b2-7yf7"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yh2p-b5px-b7hz"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zaaf-n1z8-v7b3"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"},{"vulnerability":"VCID-zwsu-pwxb-u3h5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.10"}],"aliases":["CVE-2023-0307","GHSA-4p88-cfhq-f3vg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m9y5-g412-zbeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148591?format=json","vulnerability_id":"VCID-mt7j-r561-tubz","summary":"Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0311","reference_id":"","reference_type":"","scores":[{"value":"0.01393","scoring_system":"epss","scoring_elements":"0.80793","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01393","scoring_system":"epss","scoring_elements":"0.80855","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01393","scoring_system":"epss","scoring_elements":"0.80853","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01393","scoring_system":"epss","scoring_elements":"0.80863","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0311"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0311","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0311"},{"reference_url":"https://huntr.dev/bounties/82b0b629-c56b-4651-af3f-17f749751857","reference_id":"82b0b629-c56b-4651-af3f-17f749751857","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-07T15:18:50Z/"}],"url":"https://huntr.dev/bounties/82b0b629-c56b-4651-af3f-17f749751857"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/fe6e9f02ef1b26a03134b9becda12687ee5f3214","reference_id":"fe6e9f02ef1b26a03134b9becda12687ee5f3214","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-07T15:18:50Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/fe6e9f02ef1b26a03134b9becda12687ee5f3214"},{"reference_url":"https://github.com/advisories/GHSA-g92r-9rxw-cmgx","reference_id":"GHSA-g92r-9rxw-cmgx","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g92r-9rxw-cmgx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379949?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-1rpy-1jkw-w3fx"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-4ej8-n833-fuf4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8fkr-xfw6-ffcj"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8tff-qn8m-r3hc"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ajev-ydxv-nbd5"},{"vulnerability":"VCID-aku3-vveb-gugg"},{"vulnerability":"VCID-ax4d-t793-8bas"},{"vulnerability":"VCID-b214-zgc8-4qdh"},{"vulnerability":"VCID-b4yy-mtkz-hybq"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-bfsb-58cj-mfaa"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cjzd-5q9t-nfek"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-e6u1-1y99-5khx"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-gj1u-m1qq-1qb1"},{"vulnerability":"VCID-gnxm-rq5g-g3d9"},{"vulnerability":"VCID-gvt4-1vk8-8fbx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-hygm-7h9w-x7cs"},{"vulnerability":"VCID-jq9j-su28-xken"},{"vulnerability":"VCID-kfmg-41jk-qfh6"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qb4k-vsfg-wycb"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-qpnp-kehq-f7gm"},{"vulnerability":"VCID-qrn1-cpad-puht"},{"vulnerability":"VCID-r24s-k7p3-f7e4"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrh1-efbq-tugt"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-spjh-4tvh-gyca"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-tq9d-mguz-8bhp"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-ty89-v3b2-7yf7"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yh2p-b5px-b7hz"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zaaf-n1z8-v7b3"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"},{"vulnerability":"VCID-zwsu-pwxb-u3h5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.10"}],"aliases":["CVE-2023-0311","GHSA-g92r-9rxw-cmgx"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mt7j-r561-tubz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/150990?format=json","vulnerability_id":"VCID-naqh-qumg-37gh","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2428","reference_id":"","reference_type":"","scores":[{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37936","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37949","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37961","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37759","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2428"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://huntr.com/bounties/cee65b6d-b003-4e6a-9d14-89aa94bee43e","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.com/bounties/cee65b6d-b003-4e6a-9d14-89aa94bee43e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2428","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2428"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/0a4980d870bac92df945f6d022726c4e3ed584ab","reference_id":"0a4980d870bac92df945f6d022726c4e3ed584ab","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T16:58:27Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/0a4980d870bac92df945f6d022726c4e3ed584ab"},{"reference_url":"https://huntr.dev/bounties/cee65b6d-b003-4e6a-9d14-89aa94bee43e","reference_id":"cee65b6d-b003-4e6a-9d14-89aa94bee43e","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T16:58:27Z/"}],"url":"https://huntr.dev/bounties/cee65b6d-b003-4e6a-9d14-89aa94bee43e"},{"reference_url":"https://github.com/advisories/GHSA-8595-6653-96p2","reference_id":"GHSA-8595-6653-96p2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8595-6653-96p2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379352?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.13"}],"aliases":["CVE-2023-2428","GHSA-8595-6653-96p2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-naqh-qumg-37gh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83223?format=json","vulnerability_id":"VCID-p68j-sbvd-yuh4","summary":"phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly expose sensitive user information due to insufficient access controls. The OpenQuestionController::list() endpoint calls Question::getAll() with showAll=true by default, returning records marked as non-public (isVisible=false) along with user email addresses, with similar exposures present in comment, news, and FAQ APIs. This information disclosure vulnerability could enable attackers to harvest email addresses for phishing campaigns or access content that was explicitly marked as private. This issue has been fixed in version 4.0.17.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24422","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06222","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06194","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06211","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06201","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24422"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24422","reference_id":"CVE-2026-24422","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24422"},{"reference_url":"https://github.com/advisories/GHSA-j4rc-96xj-gvqc","reference_id":"GHSA-j4rc-96xj-gvqc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j4rc-96xj-gvqc"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-j4rc-96xj-gvqc","reference_id":"GHSA-j4rc-96xj-gvqc","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-26T14:57:47Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-j4rc-96xj-gvqc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38149?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.0.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.17"},{"url":"http://public2.vulnerablecode.io/api/packages/931970?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.0-RC","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.0-RC"}],"aliases":["CVE-2026-24422","GHSA-j4rc-96xj-gvqc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p68j-sbvd-yuh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/150643?format=json","vulnerability_id":"VCID-pb65-wunz-tye6","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2999","reference_id":"","reference_type":"","scores":[{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58685","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.588","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58797","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58812","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2999"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2999","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2999"},{"reference_url":"https://huntr.dev/bounties/4d89c7cc-fb4c-4b64-9b67-f0189f70a620","reference_id":"4d89c7cc-fb4c-4b64-9b67-f0189f70a620","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H"},{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T16:25:48Z/"}],"url":"https://huntr.dev/bounties/4d89c7cc-fb4c-4b64-9b67-f0189f70a620"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/937913948cab382a38f681e0bd29c152e2f383cd","reference_id":"937913948cab382a38f681e0bd29c152e2f383cd","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H"},{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T16:25:48Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/937913948cab382a38f681e0bd29c152e2f383cd"},{"reference_url":"https://github.com/advisories/GHSA-94r7-63g8-c4jw","reference_id":"GHSA-94r7-63g8-c4jw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-94r7-63g8-c4jw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381983?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.14"}],"aliases":["CVE-2023-2999","GHSA-94r7-63g8-c4jw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pb65-wunz-tye6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74750?format=json","vulnerability_id":"VCID-q6zp-tnjb-pye3","summary":"phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages() method in phpmyfaq/src/phpMyFAQ/Search.php uses real_escape_string() (via escape()) to sanitize the search term before embedding it in LIKE clauses. However, real_escape_string() does not escape SQL LIKE metacharacters % (match any sequence) and _ (match any single character). An unauthenticated attacker can inject these wildcards into search queries, causing them to match unintended records — including content that was not meant to be surfaced — resulting in information disclosure. This issue has been patched in version 4.1.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34973","reference_id":"","reference_type":"","scores":[{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29774","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29776","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29577","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29792","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34973"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34973","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34973"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/releases/tag/4.1.1","reference_id":"4.1.1","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T18:23:50Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/releases/tag/4.1.1"},{"reference_url":"https://github.com/advisories/GHSA-gcp9-5jc8-976x","reference_id":"GHSA-gcp9-5jc8-976x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gcp9-5jc8-976x"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gcp9-5jc8-976x","reference_id":"GHSA-gcp9-5jc8-976x","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T18:23:50Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gcp9-5jc8-976x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373289?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-426v-vz22-nqem"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-n3tn-cpf3-5qe2"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.1"}],"aliases":["CVE-2026-34973","GHSA-gcp9-5jc8-976x"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q6zp-tnjb-pye3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148381?format=json","vulnerability_id":"VCID-qb4k-vsfg-wycb","summary":"Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0788","reference_id":"","reference_type":"","scores":[{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.61111","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.61105","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.61113","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60999","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0788"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://huntr.com/bounties/808d5452-607c-4af1-812f-26c49faf3e61","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.com/bounties/808d5452-607c-4af1-812f-26c49faf3e61"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0788","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0788"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/77b42b9d0be3990ee7389207a71528b304b03039","reference_id":"77b42b9d0be3990ee7389207a71528b304b03039","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-21T18:51:00Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/77b42b9d0be3990ee7389207a71528b304b03039"},{"reference_url":"https://huntr.dev/bounties/808d5452-607c-4af1-812f-26c49faf3e61","reference_id":"808d5452-607c-4af1-812f-26c49faf3e61","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-21T18:51:00Z/"}],"url":"https://huntr.dev/bounties/808d5452-607c-4af1-812f-26c49faf3e61"},{"reference_url":"https://github.com/advisories/GHSA-r6cw-356h-mvwg","reference_id":"GHSA-r6cw-356h-mvwg","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r6cw-356h-mvwg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380407?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-4ej8-n833-fuf4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8fkr-xfw6-ffcj"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8tff-qn8m-r3hc"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ajev-ydxv-nbd5"},{"vulnerability":"VCID-aku3-vveb-gugg"},{"vulnerability":"VCID-b214-zgc8-4qdh"},{"vulnerability":"VCID-b4yy-mtkz-hybq"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-bfsb-58cj-mfaa"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cjzd-5q9t-nfek"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-gj1u-m1qq-1qb1"},{"vulnerability":"VCID-gnxm-rq5g-g3d9"},{"vulnerability":"VCID-gvt4-1vk8-8fbx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-hygm-7h9w-x7cs"},{"vulnerability":"VCID-kfmg-41jk-qfh6"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-qpnp-kehq-f7gm"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrh1-efbq-tugt"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-spjh-4tvh-gyca"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-tq9d-mguz-8bhp"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yh2p-b5px-b7hz"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.11"}],"aliases":["CVE-2023-0788","GHSA-r6cw-356h-mvwg"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qb4k-vsfg-wycb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359156?format=json","vulnerability_id":"VCID-qhsm-g24v-k7gj","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32629","reference_id":"","reference_type":"","scores":[{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41566","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41732","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41751","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.4174","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32629"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-98gw-w575-h2ph","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-98gw-w575-h2ph"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32629","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32629"},{"reference_url":"https://github.com/advisories/GHSA-98gw-w575-h2ph","reference_id":"GHSA-98gw-w575-h2ph","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-98gw-w575-h2ph"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373289?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-426v-vz22-nqem"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-n3tn-cpf3-5qe2"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.1"}],"aliases":["CVE-2026-32629","GHSA-98gw-w575-h2ph"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qhsm-g24v-k7gj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/144415?format=json","vulnerability_id":"VCID-qpnp-kehq-f7gm","summary":"Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1884","reference_id":"","reference_type":"","scores":[{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55623","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55621","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55635","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55501","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1884"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1884","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1884"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/7f0f921de74c88038826c46bbd2a123518d9d611","reference_id":"7f0f921de74c88038826c46bbd2a123518d9d611","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:48:00Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/7f0f921de74c88038826c46bbd2a123518d9d611"},{"reference_url":"https://huntr.dev/bounties/dda73cb6-9344-4822-97a1-2e31efb6a73e","reference_id":"dda73cb6-9344-4822-97a1-2e31efb6a73e","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-10T19:48:00Z/"}],"url":"https://huntr.dev/bounties/dda73cb6-9344-4822-97a1-2e31efb6a73e"},{"reference_url":"https://github.com/advisories/GHSA-gmjj-g2rm-xwm7","reference_id":"GHSA-gmjj-g2rm-xwm7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gmjj-g2rm-xwm7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/36275?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12"}],"aliases":["CVE-2023-1884","GHSA-gmjj-g2rm-xwm7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qpnp-kehq-f7gm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148199?format=json","vulnerability_id":"VCID-qrn1-cpad-puht","summary":"Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0790","reference_id":"","reference_type":"","scores":[{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.623","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.62294","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.62304","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.62192","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0790"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0790","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0790"},{"reference_url":"https://huntr.dev/bounties/06af150b-b481-4248-9a48-56ded2814156","reference_id":"06af150b-b481-4248-9a48-56ded2814156","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:49:20Z/"}],"url":"https://huntr.dev/bounties/06af150b-b481-4248-9a48-56ded2814156"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/f34d84dfe551ecdd675916e45cc0606e04a0734e","reference_id":"f34d84dfe551ecdd675916e45cc0606e04a0734e","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:49:20Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/f34d84dfe551ecdd675916e45cc0606e04a0734e"},{"reference_url":"https://github.com/advisories/GHSA-6vv4-qq3r-9rv8","reference_id":"GHSA-6vv4-qq3r-9rv8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6vv4-qq3r-9rv8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380407?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-4ej8-n833-fuf4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8fkr-xfw6-ffcj"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8tff-qn8m-r3hc"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ajev-ydxv-nbd5"},{"vulnerability":"VCID-aku3-vveb-gugg"},{"vulnerability":"VCID-b214-zgc8-4qdh"},{"vulnerability":"VCID-b4yy-mtkz-hybq"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-bfsb-58cj-mfaa"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cjzd-5q9t-nfek"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-gj1u-m1qq-1qb1"},{"vulnerability":"VCID-gnxm-rq5g-g3d9"},{"vulnerability":"VCID-gvt4-1vk8-8fbx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-hygm-7h9w-x7cs"},{"vulnerability":"VCID-kfmg-41jk-qfh6"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-qpnp-kehq-f7gm"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrh1-efbq-tugt"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-spjh-4tvh-gyca"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-tq9d-mguz-8bhp"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yh2p-b5px-b7hz"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.11"}],"aliases":["CVE-2023-0790","GHSA-6vv4-qq3r-9rv8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qrn1-cpad-puht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148613?format=json","vulnerability_id":"VCID-r24s-k7p3-f7e4","summary":"Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0792","reference_id":"","reference_type":"","scores":[{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60269","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60265","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60276","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00385","scoring_system":"epss","scoring_elements":"0.60158","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0792"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0792","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0792"},{"reference_url":"https://huntr.dev/bounties/9e21156b-ab1d-4c60-88ef-8c9f3e2feb7f","reference_id":"9e21156b-ab1d-4c60-88ef-8c9f3e2feb7f","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:47:46Z/"}],"url":"https://huntr.dev/bounties/9e21156b-ab1d-4c60-88ef-8c9f3e2feb7f"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/d8964568d69488de02f0a0a58acc822eeb5c3cb1","reference_id":"d8964568d69488de02f0a0a58acc822eeb5c3cb1","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:47:46Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/d8964568d69488de02f0a0a58acc822eeb5c3cb1"},{"reference_url":"https://github.com/advisories/GHSA-wjrj-jc3w-ppfw","reference_id":"GHSA-wjrj-jc3w-ppfw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wjrj-jc3w-ppfw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380407?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-4ej8-n833-fuf4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8fkr-xfw6-ffcj"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8tff-qn8m-r3hc"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ajev-ydxv-nbd5"},{"vulnerability":"VCID-aku3-vveb-gugg"},{"vulnerability":"VCID-b214-zgc8-4qdh"},{"vulnerability":"VCID-b4yy-mtkz-hybq"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-bfsb-58cj-mfaa"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cjzd-5q9t-nfek"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-gj1u-m1qq-1qb1"},{"vulnerability":"VCID-gnxm-rq5g-g3d9"},{"vulnerability":"VCID-gvt4-1vk8-8fbx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-hygm-7h9w-x7cs"},{"vulnerability":"VCID-kfmg-41jk-qfh6"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-qpnp-kehq-f7gm"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrh1-efbq-tugt"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-spjh-4tvh-gyca"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-tq9d-mguz-8bhp"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yh2p-b5px-b7hz"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.11"}],"aliases":["CVE-2023-0792","GHSA-wjrj-jc3w-ppfw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r24s-k7p3-f7e4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/357744?format=json","vulnerability_id":"VCID-rp5d-6b4k-33g5","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4006","reference_id":"","reference_type":"","scores":[{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34239","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34418","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34443","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00143","scoring_system":"epss","scoring_elements":"0.34422","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4006"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/03946eca488724251eaed8d9d36fed92e6d8fd22","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq/commit/03946eca488724251eaed8d9d36fed92e6d8fd22"},{"reference_url":"https://huntr.dev/bounties/36149a42-cbd5-445e-a371-e351c899b189","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/36149a42-cbd5-445e-a371-e351c899b189"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4006","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4006"},{"reference_url":"https://github.com/advisories/GHSA-2xvx-368h-qcmv","reference_id":"GHSA-2xvx-368h-qcmv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2xvx-368h-qcmv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381453?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.16"}],"aliases":["CVE-2023-4006","GHSA-2xvx-368h-qcmv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rp5d-6b4k-33g5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/144456?format=json","vulnerability_id":"VCID-rrh1-efbq-tugt","summary":"Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1880","reference_id":"","reference_type":"","scores":[{"value":"0.14326","scoring_system":"epss","scoring_elements":"0.94581","published_at":"2026-06-12T12:55:00Z"},{"value":"0.14326","scoring_system":"epss","scoring_elements":"0.94587","published_at":"2026-06-14T12:55:00Z"},{"value":"0.14326","scoring_system":"epss","scoring_elements":"0.94563","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1880"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1880","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1880"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/bbc5d4aa4a4375c14e34dd9fcad2042066fe476d","reference_id":"bbc5d4aa4a4375c14e34dd9fcad2042066fe476d","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-10T19:50:31Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/bbc5d4aa4a4375c14e34dd9fcad2042066fe476d"},{"reference_url":"https://huntr.dev/bounties/ece5f051-674e-4919-b998-594714910f9e","reference_id":"ece5f051-674e-4919-b998-594714910f9e","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-10T19:50:31Z/"}],"url":"https://huntr.dev/bounties/ece5f051-674e-4919-b998-594714910f9e"},{"reference_url":"https://github.com/advisories/GHSA-m8q9-7v2f-qjx9","reference_id":"GHSA-m8q9-7v2f-qjx9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m8q9-7v2f-qjx9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/36275?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12"}],"aliases":["CVE-2023-1880","GHSA-m8q9-7v2f-qjx9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rrh1-efbq-tugt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69871?format=json","vulnerability_id":"VCID-rrz3-kbbd-eyhq","summary":"phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the /admin/check endpoint, which accepts arbitrary user-id parameters without session binding or rate limiting. Unauthenticated attackers can brute-force any user's six-digit TOTP code by submitting POST requests with sequential token values, bypassing two-factor authentication to gain full administrative access.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45010","reference_id":"","reference_type":"","scores":[{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41229","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.4124","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41249","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41063","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45010"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45010","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45010"},{"reference_url":"https://github.com/advisories/GHSA-9pq7-mfwh-xx2j","reference_id":"GHSA-9pq7-mfwh-xx2j","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9pq7-mfwh-xx2j"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9pq7-mfwh-xx2j","reference_id":"GHSA-9pq7-mfwh-xx2j","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-15T22:11:39Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9pq7-mfwh-xx2j"},{"reference_url":"https://www.vulncheck.com/advisories/phpmyfaq-unauthenticated-two-factor-authentication-brute-force-via-admin-check-endpoint","reference_id":"phpmyfaq-unauthenticated-two-factor-authentication-brute-force-via-admin-check-endpoint","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-05-15T22:11:39Z/"}],"url":"https://www.vulncheck.com/advisories/phpmyfaq-unauthenticated-two-factor-authentication-brute-force-via-admin-check-endpoint"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40863?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2"}],"aliases":["CVE-2026-45010","GHSA-9pq7-mfwh-xx2j"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rrz3-kbbd-eyhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/144594?format=json","vulnerability_id":"VCID-spjh-4tvh-gyca","summary":"Improper Neutralization of Input During Web Page Generation in GitHub repository thorsten/phpmyfaq prior to 3.1.12.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1754","reference_id":"","reference_type":"","scores":[{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.54099","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.54229","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.54224","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.54242","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1754"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1754","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1754"},{"reference_url":"https://huntr.dev/bounties/529f2361-eb2e-476f-b7ef-4e561a712e28","reference_id":"529f2361-eb2e-476f-b7ef-4e561a712e28","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T19:01:19Z/"}],"url":"https://huntr.dev/bounties/529f2361-eb2e-476f-b7ef-4e561a712e28"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/d773df925cb74e874527458beed1f66f966ec491","reference_id":"d773df925cb74e874527458beed1f66f966ec491","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T19:01:19Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/d773df925cb74e874527458beed1f66f966ec491"},{"reference_url":"https://github.com/advisories/GHSA-gvg8-r8w2-9gfj","reference_id":"GHSA-gvg8-r8w2-9gfj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gvg8-r8w2-9gfj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/36275?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12"}],"aliases":["CVE-2023-1754","GHSA-gvg8-r8w2-9gfj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-spjh-4tvh-gyca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68194?format=json","vulnerability_id":"VCID-tpbv-urbk-h7gf","summary":"phpMyFAQ before 4.1.2 contains a sql injection vulnerability in CurrentUser::setTokenData that allows authenticated attackers to execute arbitrary SQL by injecting malicious OAuth token claims. Attackers with Azure AD accounts containing SQL metacharacters in display names or JWT claims can break out of string literals and execute arbitrary database queries.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46359","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10145","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10135","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.1015","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10098","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46359"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46359","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46359"},{"reference_url":"https://github.com/advisories/GHSA-pm8c-3qq3-72w7","reference_id":"GHSA-pm8c-3qq3-72w7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pm8c-3qq3-72w7"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pm8c-3qq3-72w7","reference_id":"GHSA-pm8c-3qq3-72w7","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-15T21:12:51Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pm8c-3qq3-72w7"},{"reference_url":"https://www.vulncheck.com/advisories/phpmyfaq-sql-injection-in-currentuser-settokendata-via-unescaped-oauth-token-fields","reference_id":"phpmyfaq-sql-injection-in-currentuser-settokendata-via-unescaped-oauth-token-fields","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-15T21:12:51Z/"}],"url":"https://www.vulncheck.com/advisories/phpmyfaq-sql-injection-in-currentuser-settokendata-via-unescaped-oauth-token-fields"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40863?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2"}],"aliases":["CVE-2026-46359","GHSA-pm8c-3qq3-72w7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tpbv-urbk-h7gf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/144418?format=json","vulnerability_id":"VCID-tq9d-mguz-8bhp","summary":"Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1753","reference_id":"","reference_type":"","scores":[{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52771","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52753","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52756","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52628","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1753"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1753","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1753"},{"reference_url":"https://huntr.dev/bounties/01d6ae23-3a8f-42a8-99f4-10246187d71b","reference_id":"01d6ae23-3a8f-42a8-99f4-10246187d71b","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T19:01:53Z/"}],"url":"https://huntr.dev/bounties/01d6ae23-3a8f-42a8-99f4-10246187d71b"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/f612a72494080e04947da7028340fee4493fe8a5","reference_id":"f612a72494080e04947da7028340fee4493fe8a5","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T19:01:53Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/f612a72494080e04947da7028340fee4493fe8a5"},{"reference_url":"https://github.com/advisories/GHSA-4p4m-5qp7-479x","reference_id":"GHSA-4p4m-5qp7-479x","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4p4m-5qp7-479x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/36275?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12"}],"aliases":["CVE-2023-1753","GHSA-4p4m-5qp7-479x"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tq9d-mguz-8bhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69890?format=json","vulnerability_id":"VCID-txxg-bugj-6bd4","summary":"phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that allows admins with INSTANCE_DELETE permission to delete arbitrary directories. Attackers can submit traversal sequences like https://../../../<path> in the client URL parameter to recursively delete directories outside the intended clientFolder scope.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45008","reference_id":"","reference_type":"","scores":[{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15496","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15471","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15503","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.1536","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45008"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45008","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45008"},{"reference_url":"https://github.com/advisories/GHSA-gh9p-q46p-57g2","reference_id":"GHSA-gh9p-q46p-57g2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gh9p-q46p-57g2"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gh9p-q46p-57g2","reference_id":"GHSA-gh9p-q46p-57g2","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T16:05:19Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-gh9p-q46p-57g2"},{"reference_url":"https://www.vulncheck.com/advisories/phpmyfaq-path-traversal-in-client-deleteclientfolder-via-url-parameter","reference_id":"phpmyfaq-path-traversal-in-client-deleteclientfolder-via-url-parameter","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T16:05:19Z/"}],"url":"https://www.vulncheck.com/advisories/phpmyfaq-path-traversal-in-client-deleteclientfolder-via-url-parameter"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40863?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2"}],"aliases":["CVE-2026-45008","GHSA-gh9p-q46p-57g2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-txxg-bugj-6bd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/147996?format=json","vulnerability_id":"VCID-ty89-v3b2-7yf7","summary":"Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0793","reference_id":"","reference_type":"","scores":[{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.48326","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.48324","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.48341","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.48186","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0793"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0793","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0793"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/00c04093c671607ee06cdfd670070809460f9547","reference_id":"00c04093c671607ee06cdfd670070809460f9547","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:46:24Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/00c04093c671607ee06cdfd670070809460f9547"},{"reference_url":"https://huntr.dev/bounties/b3881a1f-2f1e-45cb-86f3-735f66e660e9","reference_id":"b3881a1f-2f1e-45cb-86f3-735f66e660e9","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:46:24Z/"}],"url":"https://huntr.dev/bounties/b3881a1f-2f1e-45cb-86f3-735f66e660e9"},{"reference_url":"https://github.com/advisories/GHSA-fxrq-xhj9-rf5j","reference_id":"GHSA-fxrq-xhj9-rf5j","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fxrq-xhj9-rf5j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380407?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-4ej8-n833-fuf4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8fkr-xfw6-ffcj"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8tff-qn8m-r3hc"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ajev-ydxv-nbd5"},{"vulnerability":"VCID-aku3-vveb-gugg"},{"vulnerability":"VCID-b214-zgc8-4qdh"},{"vulnerability":"VCID-b4yy-mtkz-hybq"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-bfsb-58cj-mfaa"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cjzd-5q9t-nfek"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-gj1u-m1qq-1qb1"},{"vulnerability":"VCID-gnxm-rq5g-g3d9"},{"vulnerability":"VCID-gvt4-1vk8-8fbx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-hygm-7h9w-x7cs"},{"vulnerability":"VCID-kfmg-41jk-qfh6"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-qpnp-kehq-f7gm"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrh1-efbq-tugt"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-spjh-4tvh-gyca"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-tq9d-mguz-8bhp"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yh2p-b5px-b7hz"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.11"}],"aliases":["CVE-2023-0793","GHSA-fxrq-xhj9-rf5j"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ty89-v3b2-7yf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/123709?format=json","vulnerability_id":"VCID-u37t-naar-pbav","summary":"phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via `POST /api/setup/backup` and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive configuration files (e.g., `database.php` with database credentials), leading to high-impact information disclosure and potential follow-on compromise. Version 4.0.16 fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69200","reference_id":"","reference_type":"","scores":[{"value":"0.02669","scoring_system":"epss","scoring_elements":"0.86195","published_at":"2026-06-14T12:55:00Z"},{"value":"0.02669","scoring_system":"epss","scoring_elements":"0.86197","published_at":"2026-06-13T12:55:00Z"},{"value":"0.02669","scoring_system":"epss","scoring_elements":"0.86186","published_at":"2026-06-12T12:55:00Z"},{"value":"0.02669","scoring_system":"epss","scoring_elements":"0.86136","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-69200"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/commit/b0e99ee3695152115841cb546d8dce64ceb8c29a","reference_id":"b0e99ee3695152115841cb546d8dce64ceb8c29a","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-29T16:14:22Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/commit/b0e99ee3695152115841cb546d8dce64ceb8c29a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69200","reference_id":"CVE-2025-69200","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69200"},{"reference_url":"https://github.com/advisories/GHSA-9cg9-4h4f-j6fg","reference_id":"GHSA-9cg9-4h4f-j6fg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9cg9-4h4f-j6fg"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9cg9-4h4f-j6fg","reference_id":"GHSA-9cg9-4h4f-j6fg","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-29T16:14:22Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9cg9-4h4f-j6fg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/36384?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.0.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.0.16"}],"aliases":["CVE-2025-69200","GHSA-9cg9-4h4f-j6fg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u37t-naar-pbav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/133846?format=json","vulnerability_id":"VCID-uerm-mjrz-vyg4","summary":"Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5227","reference_id":"","reference_type":"","scores":[{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61447","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61555","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61551","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61559","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5227"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5227","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5227"},{"reference_url":"https://huntr.dev/bounties/a335c013-db75-4120-872c-42059c7100e8","reference_id":"a335c013-db75-4120-872c-42059c7100e8","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:11:37Z/"}],"url":"https://huntr.dev/bounties/a335c013-db75-4120-872c-42059c7100e8"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/abf52487422ce47195c8a80bd904a7af39f60297","reference_id":"abf52487422ce47195c8a80bd904a7af39f60297","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:11:37Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/abf52487422ce47195c8a80bd904a7af39f60297"},{"reference_url":"https://github.com/advisories/GHSA-qcjg-hvg6-hxcp","reference_id":"GHSA-qcjg-hvg6-hxcp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qcjg-hvg6-hxcp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379656?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.18"}],"aliases":["CVE-2023-5227","GHSA-qcjg-hvg6-hxcp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uerm-mjrz-vyg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/133771?format=json","vulnerability_id":"VCID-ufhy-fdmw-hkdv","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5319","reference_id":"","reference_type":"","scores":[{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27028","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27234","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27233","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27252","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5319"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5319","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5319"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/95ed9b20557ed930d4eed1f3a6db713416f31131","reference_id":"95ed9b20557ed930d4eed1f3a6db713416f31131","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H"},{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:08:29Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/95ed9b20557ed930d4eed1f3a6db713416f31131"},{"reference_url":"https://huntr.dev/bounties/e2542cbe-41ab-4a90-b6a4-191884c1834d","reference_id":"e2542cbe-41ab-4a90-b6a4-191884c1834d","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H"},{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:08:29Z/"}],"url":"https://huntr.dev/bounties/e2542cbe-41ab-4a90-b6a4-191884c1834d"},{"reference_url":"https://github.com/advisories/GHSA-j5ww-5xf4-hqm2","reference_id":"GHSA-j5ww-5xf4-hqm2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j5ww-5xf4-hqm2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379656?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.18"}],"aliases":["CVE-2023-5319","GHSA-j5ww-5xf4-hqm2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ufhy-fdmw-hkdv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148475?format=json","vulnerability_id":"VCID-v4hc-w2g2-63f5","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0306","reference_id":"","reference_type":"","scores":[{"value":"0.0041","scoring_system":"epss","scoring_elements":"0.61856","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0041","scoring_system":"epss","scoring_elements":"0.61855","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0041","scoring_system":"epss","scoring_elements":"0.61863","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0041","scoring_system":"epss","scoring_elements":"0.61754","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0306"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0306","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0306"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/1815daef61c432bb73b9dca43f03d140c94ef0c5","reference_id":"1815daef61c432bb73b9dca43f03d140c94ef0c5","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-07T17:46:25Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/1815daef61c432bb73b9dca43f03d140c94ef0c5"},{"reference_url":"https://huntr.dev/bounties/cbba22f0-89ed-4d01-81ea-744979c8cbde","reference_id":"cbba22f0-89ed-4d01-81ea-744979c8cbde","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-07T17:46:25Z/"}],"url":"https://huntr.dev/bounties/cbba22f0-89ed-4d01-81ea-744979c8cbde"},{"reference_url":"https://github.com/advisories/GHSA-96x6-jf5w-84c5","reference_id":"GHSA-96x6-jf5w-84c5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-96x6-jf5w-84c5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379949?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-1rpy-1jkw-w3fx"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-4ej8-n833-fuf4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8fkr-xfw6-ffcj"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8tff-qn8m-r3hc"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ajev-ydxv-nbd5"},{"vulnerability":"VCID-aku3-vveb-gugg"},{"vulnerability":"VCID-ax4d-t793-8bas"},{"vulnerability":"VCID-b214-zgc8-4qdh"},{"vulnerability":"VCID-b4yy-mtkz-hybq"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-bfsb-58cj-mfaa"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cjzd-5q9t-nfek"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-e6u1-1y99-5khx"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-gj1u-m1qq-1qb1"},{"vulnerability":"VCID-gnxm-rq5g-g3d9"},{"vulnerability":"VCID-gvt4-1vk8-8fbx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-hygm-7h9w-x7cs"},{"vulnerability":"VCID-jq9j-su28-xken"},{"vulnerability":"VCID-kfmg-41jk-qfh6"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qb4k-vsfg-wycb"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-qpnp-kehq-f7gm"},{"vulnerability":"VCID-qrn1-cpad-puht"},{"vulnerability":"VCID-r24s-k7p3-f7e4"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrh1-efbq-tugt"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-spjh-4tvh-gyca"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-tq9d-mguz-8bhp"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-ty89-v3b2-7yf7"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yh2p-b5px-b7hz"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zaaf-n1z8-v7b3"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"},{"vulnerability":"VCID-zwsu-pwxb-u3h5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.10"}],"aliases":["CVE-2023-0306","GHSA-96x6-jf5w-84c5"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v4hc-w2g2-63f5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68157?format=json","vulnerability_id":"VCID-vjqh-59nn-5ude","summary":"phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that bypass sanitization through encode-decode cycles. The vulnerability allows authenticated attackers with FAQ_ADD permission to inject malicious script tags via question or answer parameters, which execute in every visitor's browser when FAQ content is rendered with the raw Twig filter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46363","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08945","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08939","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08949","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08901","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46363"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46363","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46363"},{"reference_url":"https://github.com/advisories/GHSA-f5p7-2c9q-8896","reference_id":"GHSA-f5p7-2c9q-8896","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f5p7-2c9q-8896"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-f5p7-2c9q-8896","reference_id":"GHSA-f5p7-2c9q-8896","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:01:20Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-f5p7-2c9q-8896"},{"reference_url":"https://www.vulncheck.com/advisories/phpmyfaq-stored-xss-in-faq-question-answer-via-encode-decode-bypass","reference_id":"phpmyfaq-stored-xss-in-faq-question-answer-via-encode-decode-bypass","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:01:20Z/"}],"url":"https://www.vulncheck.com/advisories/phpmyfaq-stored-xss-in-faq-question-answer-via-encode-decode-bypass"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40863?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2"}],"aliases":["CVE-2026-46363","GHSA-f5p7-2c9q-8896"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vjqh-59nn-5ude"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/150684?format=json","vulnerability_id":"VCID-wcpf-w4c4-ubba","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2752","reference_id":"","reference_type":"","scores":[{"value":"0.0052","scoring_system":"epss","scoring_elements":"0.6736","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0052","scoring_system":"epss","scoring_elements":"0.67347","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0052","scoring_system":"epss","scoring_elements":"0.67361","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0052","scoring_system":"epss","scoring_elements":"0.67255","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2752"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2752","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2752"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/e7599d49b0ece7ceef3a4e8d334782cc3df98be8","reference_id":"e7599d49b0ece7ceef3a4e8d334782cc3df98be8","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-22T17:21:16Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/e7599d49b0ece7ceef3a4e8d334782cc3df98be8"},{"reference_url":"https://huntr.dev/bounties/efdf5b24-6d30-4d57-a5b0-13b253ba3ea4","reference_id":"efdf5b24-6d30-4d57-a5b0-13b253ba3ea4","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-22T17:21:16Z/"}],"url":"https://huntr.dev/bounties/efdf5b24-6d30-4d57-a5b0-13b253ba3ea4"},{"reference_url":"https://github.com/advisories/GHSA-j657-pjgc-c4h6","reference_id":"GHSA-j657-pjgc-c4h6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j657-pjgc-c4h6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381986?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.2.0-beta","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.0-beta"}],"aliases":["CVE-2023-2752","GHSA-j657-pjgc-c4h6"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wcpf-w4c4-ubba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/140178?format=json","vulnerability_id":"VCID-x1gz-3d4a-1qdy","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4007","reference_id":"","reference_type":"","scores":[{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31213","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31405","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31406","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31423","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4007"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4007","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4007"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/40eb9685198128908e83c2bef4c228751fd43a0e","reference_id":"40eb9685198128908e83c2bef4c228751fd43a0e","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-11T18:40:36Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/40eb9685198128908e83c2bef4c228751fd43a0e"},{"reference_url":"https://huntr.dev/bounties/e891dcbc-2092-49d3-9518-23e37187a5ea","reference_id":"e891dcbc-2092-49d3-9518-23e37187a5ea","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-11T18:40:36Z/"}],"url":"https://huntr.dev/bounties/e891dcbc-2092-49d3-9518-23e37187a5ea"},{"reference_url":"https://github.com/advisories/GHSA-q9vm-29ph-p7mp","reference_id":"GHSA-q9vm-29ph-p7mp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q9vm-29ph-p7mp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381453?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.16"}],"aliases":["CVE-2023-4007","GHSA-q9vm-29ph-p7mp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x1gz-3d4a-1qdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148250?format=json","vulnerability_id":"VCID-x4fs-3h7u-4bbe","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0313","reference_id":"","reference_type":"","scores":[{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49901","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49896","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49915","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49759","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0313"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0313","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0313"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/1123c0872314fa68d7d0d8136939f62270fb4b7b","reference_id":"1123c0872314fa68d7d0d8136939f62270fb4b7b","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:15:37Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/1123c0872314fa68d7d0d8136939f62270fb4b7b"},{"reference_url":"https://huntr.dev/bounties/bc27e84b-1f91-4e1b-a78c-944edeba8256","reference_id":"bc27e84b-1f91-4e1b-a78c-944edeba8256","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:15:37Z/"}],"url":"https://huntr.dev/bounties/bc27e84b-1f91-4e1b-a78c-944edeba8256"},{"reference_url":"https://github.com/advisories/GHSA-x2h8-4mhh-5hwh","reference_id":"GHSA-x2h8-4mhh-5hwh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x2h8-4mhh-5hwh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379949?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-1rpy-1jkw-w3fx"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-4ej8-n833-fuf4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8fkr-xfw6-ffcj"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8tff-qn8m-r3hc"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ajev-ydxv-nbd5"},{"vulnerability":"VCID-aku3-vveb-gugg"},{"vulnerability":"VCID-ax4d-t793-8bas"},{"vulnerability":"VCID-b214-zgc8-4qdh"},{"vulnerability":"VCID-b4yy-mtkz-hybq"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-bfsb-58cj-mfaa"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cjzd-5q9t-nfek"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-e6u1-1y99-5khx"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-gj1u-m1qq-1qb1"},{"vulnerability":"VCID-gnxm-rq5g-g3d9"},{"vulnerability":"VCID-gvt4-1vk8-8fbx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-hygm-7h9w-x7cs"},{"vulnerability":"VCID-jq9j-su28-xken"},{"vulnerability":"VCID-kfmg-41jk-qfh6"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qb4k-vsfg-wycb"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-qpnp-kehq-f7gm"},{"vulnerability":"VCID-qrn1-cpad-puht"},{"vulnerability":"VCID-r24s-k7p3-f7e4"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrh1-efbq-tugt"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-spjh-4tvh-gyca"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-tq9d-mguz-8bhp"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-ty89-v3b2-7yf7"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yh2p-b5px-b7hz"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zaaf-n1z8-v7b3"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"},{"vulnerability":"VCID-zwsu-pwxb-u3h5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.10"}],"aliases":["CVE-2023-0313","GHSA-x2h8-4mhh-5hwh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x4fs-3h7u-4bbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/133932?format=json","vulnerability_id":"VCID-xt5z-y1n5-37fn","summary":"Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5863","reference_id":"","reference_type":"","scores":[{"value":"0.06224","scoring_system":"epss","scoring_elements":"0.91113","published_at":"2026-06-12T12:55:00Z"},{"value":"0.06224","scoring_system":"epss","scoring_elements":"0.91118","published_at":"2026-06-14T12:55:00Z"},{"value":"0.06224","scoring_system":"epss","scoring_elements":"0.91119","published_at":"2026-06-13T12:55:00Z"},{"value":"0.06224","scoring_system":"epss","scoring_elements":"0.91082","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5863"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5863","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5863"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/97e813dcd2022bd10a8770569a8b02591716365f","reference_id":"97e813dcd2022bd10a8770569a8b02591716365f","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T17:50:00Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/97e813dcd2022bd10a8770569a8b02591716365f"},{"reference_url":"https://huntr.com/bounties/fbfd4e84-61fb-4063-8f11-15877b8c1f6f","reference_id":"fbfd4e84-61fb-4063-8f11-15877b8c1f6f","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T17:50:00Z/"}],"url":"https://huntr.com/bounties/fbfd4e84-61fb-4063-8f11-15877b8c1f6f"},{"reference_url":"https://github.com/advisories/GHSA-j4vj-w5rj-8grw","reference_id":"GHSA-j4vj-w5rj-8grw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j4vj-w5rj-8grw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379134?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.2.2"}],"aliases":["CVE-2023-5863","GHSA-j4vj-w5rj-8grw"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xt5z-y1n5-37fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360347?format=json","vulnerability_id":"VCID-yckn-74u4-pkaw","summary":"phpMyFAQ's Missing Authorization on Tag Deletion Allows Any Authenticated User to Delete Tags\n## Summary\n\nThe `TagController::delete()` endpoint at `DELETE /admin/api/content/tags/{tagId}` only verifies that the user is logged in (`userIsAuthenticated()`), but does not check any permission. Any authenticated user — including regular non-admin frontend users — can delete any tag by ID. This contrasts with `TagController::update()` and `TagController::search()`, which both enforce the `FAQ_EDIT` permission.\n\n## Details\n\nIn `phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/TagController.php`, the `delete()` method (line 121-133) uses only `$this->userIsAuthenticated()`:\n\n```php\n#[Route(path: 'content/tags/{tagId}', name: 'admin.api.content.tags.id', methods: ['DELETE'])]\npublic function delete(Request $request): JsonResponse\n{\n    $this->userIsAuthenticated();  // Only checks isLoggedIn() — no permission check\n\n    $tagId = (int) Filter::filterVar($request->attributes->get('tagId'), FILTER_VALIDATE_INT);\n\n    if ($this->tags->delete($tagId)) {\n        return $this->json(['success' => Translation::get(key: 'ad_tag_delete_success')], Response::HTTP_OK);\n    }\n\n    return $this->json(['error' => Translation::get(key: 'ad_tag_delete_error')], Response::HTTP_BAD_REQUEST);\n}\n```\n\nCompare with `update()` (line 48-71) which properly enforces authorization:\n\n```php\npublic function update(Request $request): JsonResponse\n{\n    $this->userHasPermission(PermissionType::FAQ_EDIT);  // Proper permission check\n    // ... also verifies CSRF token ...\n}\n```\n\nThe `userIsAuthenticated()` method in `AbstractController` (line 258-263) only checks `$this->currentUser->isLoggedIn()`:\n\n```php\nprotected function userIsAuthenticated(): void\n{\n    if (!$this->currentUser->isLoggedIn()) {\n        throw new UnauthorizedHttpException(challenge: 'User is not authenticated.');\n    }\n}\n```\n\nThere is no admin-level middleware in the `Kernel` — it registers only RouterListener, LanguageListener, ControllerContainerListener, and exception listeners. The admin API entry point (`admin/api/index.php`) shares the same bootstrap and session as the frontend, meaning a frontend user's session cookie is valid for admin API requests.\n\nAdditionally, this endpoint lacks CSRF token verification (unlike `update()`), though the primary issue is the missing authorization since the attack vector is a logged-in user acting directly.\n\n## PoC\n\n```bash\n# Step 1: Register as a regular user on the phpMyFAQ frontend\n# (or use any existing non-admin authenticated session)\n\n# Step 2: As the authenticated non-admin user, delete tag with ID 1:\ncurl -X DELETE 'https://target.com/admin/api/content/tags/1' \\\n  -H 'Cookie: PHPSESSID=<regular_user_session>'\n\n# Expected: 401 or 403 (user lacks FAQ_EDIT permission)\n# Actual: 200 OK with {\"success\": \"...\"}\n\n# Step 3: Enumerate and delete all tags:\nfor i in $(seq 1 100); do\n  curl -s -X DELETE \"https://target.com/admin/api/content/tags/$i\" \\\n    -H 'Cookie: PHPSESSID=<regular_user_session>'\ndone\n```\n\n## Impact\n\nAny authenticated user (including regular frontend users who registered through the public registration form) can delete all tags in the phpMyFAQ instance. This results in:\n\n- **Data integrity loss:** Tags are permanently deleted from the database. All FAQ-to-tag associations are destroyed.\n- **Disruption of FAQ organization:** Tag-based navigation, filtering, and tag clouds become empty or broken.\n- **No recoverability without backup:** Deleted tags and their associations cannot be restored without a database backup.\n\nThe impact is limited to tags (not FAQ content itself), but in large installations with extensive tag taxonomies, this could significantly degrade usability.\n\n## Recommended Fix\n\nAdd the `FAQ_EDIT` permission check and CSRF token verification to `TagController::delete()`, consistent with `TagController::update()`:\n\n```php\n#[Route(path: 'content/tags/{tagId}', name: 'admin.api.content.tags.id', methods: ['DELETE'])]\npublic function delete(Request $request): JsonResponse\n{\n    $this->userHasPermission(PermissionType::FAQ_EDIT);\n\n    $tagId = (int) Filter::filterVar($request->attributes->get('tagId'), FILTER_VALIDATE_INT);\n\n    if ($this->tags->delete($tagId)) {\n        return $this->json(['success' => Translation::get(key: 'ad_tag_delete_success')], Response::HTTP_OK);\n    }\n\n    return $this->json(['error' => Translation::get(key: 'ad_tag_delete_error')], Response::HTTP_BAD_REQUEST);\n}\n```\n\nAt minimum, add `$this->userHasPermission(PermissionType::FAQ_EDIT)` to enforce the same authorization as the update and search endpoints. Consider also adding a dedicated `TAG_DELETE` permission type for more granular access control.","references":[{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://github.com/advisories/GHSA-7cx3-2qx2-3g6w","reference_id":"GHSA-7cx3-2qx2-3g6w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7cx3-2qx2-3g6w"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7cx3-2qx2-3g6w","reference_id":"GHSA-7cx3-2qx2-3g6w","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7cx3-2qx2-3g6w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40863?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2"}],"aliases":["GHSA-7cx3-2qx2-3g6w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yckn-74u4-pkaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/169066?format=json","vulnerability_id":"VCID-ygjv-jn67-p3h9","summary":"Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4407","reference_id":"","reference_type":"","scores":[{"value":"0.09241","scoring_system":"epss","scoring_elements":"0.92927","published_at":"2026-06-12T12:55:00Z"},{"value":"0.09241","scoring_system":"epss","scoring_elements":"0.9293","published_at":"2026-06-14T12:55:00Z"},{"value":"0.09241","scoring_system":"epss","scoring_elements":"0.92929","published_at":"2026-06-13T12:55:00Z"},{"value":"0.09241","scoring_system":"epss","scoring_elements":"0.92904","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4407"},{"reference_url":"https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-4407.md","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-4407.md"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4407","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4407"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/1d73af34bf42764f9f9491c7ba5e9495d70e3ca5","reference_id":"1d73af34bf42764f9f9491c7ba5e9495d70e3ca5","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-14T14:44:37Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/1d73af34bf42764f9f9491c7ba5e9495d70e3ca5"},{"reference_url":"https://huntr.dev/bounties/a1649f43-78c9-4927-b313-36911872a84b","reference_id":"a1649f43-78c9-4927-b313-36911872a84b","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-14T14:44:37Z/"}],"url":"https://huntr.dev/bounties/a1649f43-78c9-4927-b313-36911872a84b"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52226.txt","reference_id":"CVE-2022-4407","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52226.txt"},{"reference_url":"https://github.com/advisories/GHSA-cp9c-phxx-55xm","reference_id":"GHSA-cp9c-phxx-55xm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cp9c-phxx-55xm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/383967?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-1rpy-1jkw-w3fx"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-4ej8-n833-fuf4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8fkr-xfw6-ffcj"},{"vulnerability":"VCID-8hxw-rvte-33a1"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8tff-qn8m-r3hc"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ajev-ydxv-nbd5"},{"vulnerability":"VCID-aku3-vveb-gugg"},{"vulnerability":"VCID-ax4d-t793-8bas"},{"vulnerability":"VCID-b214-zgc8-4qdh"},{"vulnerability":"VCID-b4yy-mtkz-hybq"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-bfsb-58cj-mfaa"},{"vulnerability":"VCID-btr7-sehp-zbac"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cjzd-5q9t-nfek"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-dc77-t7y6-z3ab"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-e6u1-1y99-5khx"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-fnfe-xws9-8bgg"},{"vulnerability":"VCID-gj1u-m1qq-1qb1"},{"vulnerability":"VCID-gnxm-rq5g-g3d9"},{"vulnerability":"VCID-gsjf-hmab-ruew"},{"vulnerability":"VCID-gvt4-1vk8-8fbx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-hygm-7h9w-x7cs"},{"vulnerability":"VCID-jq9j-su28-xken"},{"vulnerability":"VCID-kfmg-41jk-qfh6"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-m9y5-g412-zbeh"},{"vulnerability":"VCID-mt7j-r561-tubz"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qb4k-vsfg-wycb"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-qpnp-kehq-f7gm"},{"vulnerability":"VCID-qrn1-cpad-puht"},{"vulnerability":"VCID-r24s-k7p3-f7e4"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrh1-efbq-tugt"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-spjh-4tvh-gyca"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-tq9d-mguz-8bhp"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-ty89-v3b2-7yf7"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-v4hc-w2g2-63f5"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-x4fs-3h7u-4bbe"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yh2p-b5px-b7hz"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zaaf-n1z8-v7b3"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"},{"vulnerability":"VCID-zwsu-pwxb-u3h5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.9"}],"aliases":["CVE-2022-4407","GHSA-cp9c-phxx-55xm"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ygjv-jn67-p3h9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/144847?format=json","vulnerability_id":"VCID-yh2p-b5px-b7hz","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1757","reference_id":"","reference_type":"","scores":[{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.58495","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.5849","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.58506","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00357","scoring_system":"epss","scoring_elements":"0.58378","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1757"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1757","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1757"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/5061e5841be6c218ebb0de0cbf7b7f195dc46d19","reference_id":"5061e5841be6c218ebb0de0cbf7b7f195dc46d19","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-10T20:43:09Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/5061e5841be6c218ebb0de0cbf7b7f195dc46d19"},{"reference_url":"https://huntr.dev/bounties/584a200a-6ff8-4d53-a3c0-e7893edff60c","reference_id":"584a200a-6ff8-4d53-a3c0-e7893edff60c","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-10T20:43:09Z/"}],"url":"https://huntr.dev/bounties/584a200a-6ff8-4d53-a3c0-e7893edff60c"},{"reference_url":"https://github.com/advisories/GHSA-jvjx-qqh7-6x6c","reference_id":"GHSA-jvjx-qqh7-6x6c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jvjx-qqh7-6x6c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/36275?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.12"}],"aliases":["CVE-2023-1757","GHSA-jvjx-qqh7-6x6c"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yh2p-b5px-b7hz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/150702?format=json","vulnerability_id":"VCID-yn5s-m3hv-7be8","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2998","reference_id":"","reference_type":"","scores":[{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.60342","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.60453","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.60448","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.60459","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2998"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2998","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2998"},{"reference_url":"https://huntr.dev/bounties/8282d78e-f399-4bf4-8403-f39103a31e78","reference_id":"8282d78e-f399-4bf4-8403-f39103a31e78","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T16:26:29Z/"}],"url":"https://huntr.dev/bounties/8282d78e-f399-4bf4-8403-f39103a31e78"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/c120070a66e6c497c328d3b6b067eebcd8ea8493","reference_id":"c120070a66e6c497c328d3b6b067eebcd8ea8493","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-10T16:26:29Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/c120070a66e6c497c328d3b6b067eebcd8ea8493"},{"reference_url":"https://github.com/advisories/GHSA-974q-4vvr-vg9c","reference_id":"GHSA-974q-4vvr-vg9c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-974q-4vvr-vg9c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381983?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.14"}],"aliases":["CVE-2023-2998","GHSA-974q-4vvr-vg9c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yn5s-m3hv-7be8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/358508?format=json","vulnerability_id":"VCID-z4qa-mnne-pyay","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6890","reference_id":"","reference_type":"","scores":[{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29793","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29991","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30007","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.2999","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6890"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/97d90ebbe11ebc6081bf49a2ba4b60f227cd1b43","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq/commit/97d90ebbe11ebc6081bf49a2ba4b60f227cd1b43"},{"reference_url":"https://huntr.com/bounties/2cf11678-8793-4fa1-b21a-f135564a105d","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.com/bounties/2cf11678-8793-4fa1-b21a-f135564a105d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6890","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6890"},{"reference_url":"https://github.com/advisories/GHSA-4h37-q5j3-hw96","reference_id":"GHSA-4h37-q5j3-hw96","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4h37-q5j3-hw96"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380139?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.17"}],"aliases":["CVE-2023-6890","GHSA-4h37-q5j3-hw96"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z4qa-mnne-pyay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/133646?format=json","vulnerability_id":"VCID-z8kb-6u51-8bd9","summary":"Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5316","reference_id":"","reference_type":"","scores":[{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52529","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.5265","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52656","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52668","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5316"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5316","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5316"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/332d2e4a83251d406ca58dd11c27c598673aa5fa","reference_id":"332d2e4a83251d406ca58dd11c27c598673aa5fa","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:05:40Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/332d2e4a83251d406ca58dd11c27c598673aa5fa"},{"reference_url":"https://huntr.dev/bounties/f877e65a-e647-457b-b105-7e5c9f58fb43","reference_id":"f877e65a-e647-457b-b105-7e5c9f58fb43","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-23T16:05:40Z/"}],"url":"https://huntr.dev/bounties/f877e65a-e647-457b-b105-7e5c9f58fb43"},{"reference_url":"https://github.com/advisories/GHSA-58v7-58c2-qwm9","reference_id":"GHSA-58v7-58c2-qwm9","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-58v7-58c2-qwm9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379656?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.18"}],"aliases":["CVE-2023-5316","GHSA-58v7-58c2-qwm9"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z8kb-6u51-8bd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148434?format=json","vulnerability_id":"VCID-zaaf-n1z8-v7b3","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0794","reference_id":"","reference_type":"","scores":[{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58571","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58565","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58581","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.58453","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0794"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://huntr.com/bounties/949975f1-271d-46aa-85e5-1a013cdb5efb","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.com/bounties/949975f1-271d-46aa-85e5-1a013cdb5efb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0794","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0794"},{"reference_url":"https://huntr.dev/bounties/949975f1-271d-46aa-85e5-1a013cdb5efb","reference_id":"949975f1-271d-46aa-85e5-1a013cdb5efb","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-21T18:47:10Z/"}],"url":"https://huntr.dev/bounties/949975f1-271d-46aa-85e5-1a013cdb5efb"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/edf0f6f90d4deaf46b4fd97ae92f16c1e10a2635","reference_id":"edf0f6f90d4deaf46b4fd97ae92f16c1e10a2635","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-21T18:47:10Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/edf0f6f90d4deaf46b4fd97ae92f16c1e10a2635"},{"reference_url":"https://github.com/advisories/GHSA-gf34-hh5r-f74h","reference_id":"GHSA-gf34-hh5r-f74h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gf34-hh5r-f74h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380407?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-4ej8-n833-fuf4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8fkr-xfw6-ffcj"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8tff-qn8m-r3hc"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ajev-ydxv-nbd5"},{"vulnerability":"VCID-aku3-vveb-gugg"},{"vulnerability":"VCID-b214-zgc8-4qdh"},{"vulnerability":"VCID-b4yy-mtkz-hybq"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-bfsb-58cj-mfaa"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cjzd-5q9t-nfek"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-gj1u-m1qq-1qb1"},{"vulnerability":"VCID-gnxm-rq5g-g3d9"},{"vulnerability":"VCID-gvt4-1vk8-8fbx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-hygm-7h9w-x7cs"},{"vulnerability":"VCID-kfmg-41jk-qfh6"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-qpnp-kehq-f7gm"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrh1-efbq-tugt"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-spjh-4tvh-gyca"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-tq9d-mguz-8bhp"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yh2p-b5px-b7hz"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.11"}],"aliases":["CVE-2023-0794","GHSA-gf34-hh5r-f74h"],"risk_score":3.8,"exploitability":"0.5","weighted_severity":"7.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zaaf-n1z8-v7b3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/174880?format=json","vulnerability_id":"VCID-zpeg-pwqh-hbby","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3765","reference_id":"","reference_type":"","scores":[{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63487","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63484","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63373","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63476","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3765"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/372428d02a08e90b3a253ba5c506cda84581a5af","reference_id":"372428d02a08e90b3a253ba5c506cda84581a5af","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-02T18:01:23Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/372428d02a08e90b3a253ba5c506cda84581a5af"},{"reference_url":"https://huntr.dev/bounties/613143a1-8e51-449a-b214-12458308835d","reference_id":"613143a1-8e51-449a-b214-12458308835d","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-02T18:01:23Z/"}],"url":"https://huntr.dev/bounties/613143a1-8e51-449a-b214-12458308835d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3765","reference_id":"CVE-2022-3765","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3765"},{"reference_url":"https://github.com/advisories/GHSA-wr74-2v66-57pp","reference_id":"GHSA-wr74-2v66-57pp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wr74-2v66-57pp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27673?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-1rpy-1jkw-w3fx"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-4ej8-n833-fuf4"},{"vulnerability":"VCID-569v-kyhm-6bd7"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8fkr-xfw6-ffcj"},{"vulnerability":"VCID-8hxw-rvte-33a1"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8tff-qn8m-r3hc"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ajev-ydxv-nbd5"},{"vulnerability":"VCID-aku3-vveb-gugg"},{"vulnerability":"VCID-ax4d-t793-8bas"},{"vulnerability":"VCID-b214-zgc8-4qdh"},{"vulnerability":"VCID-b4yy-mtkz-hybq"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-bfsb-58cj-mfaa"},{"vulnerability":"VCID-btr7-sehp-zbac"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cjzd-5q9t-nfek"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-dc77-t7y6-z3ab"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-e6u1-1y99-5khx"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-fnfe-xws9-8bgg"},{"vulnerability":"VCID-gj1u-m1qq-1qb1"},{"vulnerability":"VCID-gnxm-rq5g-g3d9"},{"vulnerability":"VCID-gsjf-hmab-ruew"},{"vulnerability":"VCID-gvt4-1vk8-8fbx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-hygm-7h9w-x7cs"},{"vulnerability":"VCID-jq9j-su28-xken"},{"vulnerability":"VCID-kfmg-41jk-qfh6"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-m9y5-g412-zbeh"},{"vulnerability":"VCID-mt7j-r561-tubz"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qb4k-vsfg-wycb"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-qpnp-kehq-f7gm"},{"vulnerability":"VCID-qrn1-cpad-puht"},{"vulnerability":"VCID-r24s-k7p3-f7e4"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrh1-efbq-tugt"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-spjh-4tvh-gyca"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-tq9d-mguz-8bhp"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-ty89-v3b2-7yf7"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-v4hc-w2g2-63f5"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-x4fs-3h7u-4bbe"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-ygjv-jn67-p3h9"},{"vulnerability":"VCID-yh2p-b5px-b7hz"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zaaf-n1z8-v7b3"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"},{"vulnerability":"VCID-ztw9-5sne-p3e9"},{"vulnerability":"VCID-zwsu-pwxb-u3h5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.8"}],"aliases":["CVE-2022-3765","GHSA-wr74-2v66-57pp"],"risk_score":3.7,"exploitability":"0.5","weighted_severity":"7.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zpeg-pwqh-hbby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68203?format=json","vulnerability_id":"VCID-zr1w-jzzj-a7gd","summary":"phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission() that fails to terminate execution after sending a forbidden response. Attackers can access all permission-protected admin pages by requesting their URLs as authenticated users, exposing admin logs, user data, system information, and application configuration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46362","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.15029","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14999","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.15028","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14909","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-46362"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46362","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46362"},{"reference_url":"https://github.com/advisories/GHSA-hpgw-ww76-c68r","reference_id":"GHSA-hpgw-ww76-c68r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hpgw-ww76-c68r"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hpgw-ww76-c68r","reference_id":"GHSA-hpgw-ww76-c68r","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T16:06:31Z/"}],"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hpgw-ww76-c68r"},{"reference_url":"https://www.vulncheck.com/advisories/phpmyfaq-authorization-bypass-in-admin-pages-via-non-terminating-permission-check","reference_id":"phpmyfaq-authorization-bypass-in-admin-pages-via-non-terminating-permission-check","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-18T16:06:31Z/"}],"url":"https://www.vulncheck.com/advisories/phpmyfaq-authorization-bypass-in-admin-pages-via-non-terminating-permission-check"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40863?format=json","purl":"pkg:composer/thorsten/phpmyfaq@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-mdxy-3bhf-6ybe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@4.1.2"}],"aliases":["CVE-2026-46362","GHSA-hpgw-ww76-c68r"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zr1w-jzzj-a7gd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/168686?format=json","vulnerability_id":"VCID-ztw9-5sne-p3e9","summary":"Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4409","reference_id":"","reference_type":"","scores":[{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37203","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37188","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37178","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00162","scoring_system":"epss","scoring_elements":"0.37","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4409"},{"reference_url":"https://github.com/thorsten/phpmyfaq","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpmyfaq"},{"reference_url":"https://github.com/thorsten/phpMyFAQ/commit/c16cc2bbe2687f75aa1204b804483091fae43cba","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ/commit/c16cc2bbe2687f75aa1204b804483091fae43cba"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4409","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4409"},{"reference_url":"https://huntr.dev/bounties/5915ed4c-5fe2-42e7-8fac-5dd0d032727c","reference_id":"5915ed4c-5fe2-42e7-8fac-5dd0d032727c","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:43:47Z/"}],"url":"https://huntr.dev/bounties/5915ed4c-5fe2-42e7-8fac-5dd0d032727c"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/8b47f38","reference_id":"8b47f38","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T14:43:47Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/8b47f38"},{"reference_url":"https://github.com/advisories/GHSA-wpgc-5cr5-h9gg","reference_id":"GHSA-wpgc-5cr5-h9gg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wpgc-5cr5-h9gg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/383967?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-1rpy-1jkw-w3fx"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-4ej8-n833-fuf4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8fkr-xfw6-ffcj"},{"vulnerability":"VCID-8hxw-rvte-33a1"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8tff-qn8m-r3hc"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ajev-ydxv-nbd5"},{"vulnerability":"VCID-aku3-vveb-gugg"},{"vulnerability":"VCID-ax4d-t793-8bas"},{"vulnerability":"VCID-b214-zgc8-4qdh"},{"vulnerability":"VCID-b4yy-mtkz-hybq"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-bfsb-58cj-mfaa"},{"vulnerability":"VCID-btr7-sehp-zbac"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cjzd-5q9t-nfek"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-dc77-t7y6-z3ab"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-e6u1-1y99-5khx"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-fnfe-xws9-8bgg"},{"vulnerability":"VCID-gj1u-m1qq-1qb1"},{"vulnerability":"VCID-gnxm-rq5g-g3d9"},{"vulnerability":"VCID-gsjf-hmab-ruew"},{"vulnerability":"VCID-gvt4-1vk8-8fbx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-hygm-7h9w-x7cs"},{"vulnerability":"VCID-jq9j-su28-xken"},{"vulnerability":"VCID-kfmg-41jk-qfh6"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-m9y5-g412-zbeh"},{"vulnerability":"VCID-mt7j-r561-tubz"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qb4k-vsfg-wycb"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-qpnp-kehq-f7gm"},{"vulnerability":"VCID-qrn1-cpad-puht"},{"vulnerability":"VCID-r24s-k7p3-f7e4"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrh1-efbq-tugt"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-spjh-4tvh-gyca"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-tq9d-mguz-8bhp"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-ty89-v3b2-7yf7"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-v4hc-w2g2-63f5"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-x4fs-3h7u-4bbe"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yh2p-b5px-b7hz"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zaaf-n1z8-v7b3"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"},{"vulnerability":"VCID-zwsu-pwxb-u3h5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.9"}],"aliases":["CVE-2022-4409","GHSA-wpgc-5cr5-h9gg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ztw9-5sne-p3e9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/147982?format=json","vulnerability_id":"VCID-zwsu-pwxb-u3h5","summary":"Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0787","reference_id":"","reference_type":"","scores":[{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52499","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52505","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52517","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52376","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0787"},{"reference_url":"https://github.com/thorsten/phpMyFAQ","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/thorsten/phpMyFAQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0787","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0787"},{"reference_url":"https://huntr.dev/bounties/87397c71-7b84-4617-a66e-fa6c73be9024","reference_id":"87397c71-7b84-4617-a66e-fa6c73be9024","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-24T17:46:47Z/"}],"url":"https://huntr.dev/bounties/87397c71-7b84-4617-a66e-fa6c73be9024"},{"reference_url":"https://github.com/thorsten/phpmyfaq/commit/b76d58321a7a595eeaf4f7a30403ca6cd8506612","reference_id":"b76d58321a7a595eeaf4f7a30403ca6cd8506612","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-24T17:46:47Z/"}],"url":"https://github.com/thorsten/phpmyfaq/commit/b76d58321a7a595eeaf4f7a30403ca6cd8506612"},{"reference_url":"https://github.com/advisories/GHSA-gxxj-x426-xj2w","reference_id":"GHSA-gxxj-x426-xj2w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gxxj-x426-xj2w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380407?format=json","purl":"pkg:composer/thorsten/phpmyfaq@3.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15bx-wfer-qygk"},{"vulnerability":"VCID-15yp-h3fj-pbb1"},{"vulnerability":"VCID-1kny-sn17-gbdz"},{"vulnerability":"VCID-1q6p-7t7t-87e5"},{"vulnerability":"VCID-1qwx-htn1-4bg8"},{"vulnerability":"VCID-2bb7-xtyn-dbcq"},{"vulnerability":"VCID-2bsv-7dt5-6qcu"},{"vulnerability":"VCID-2wd2-u5mg-suh4"},{"vulnerability":"VCID-4ej8-n833-fuf4"},{"vulnerability":"VCID-57ev-2w6v-mbbs"},{"vulnerability":"VCID-5pw3-qxh6-6ufr"},{"vulnerability":"VCID-5wsg-7979-dqgs"},{"vulnerability":"VCID-6jmj-n5mz-bba8"},{"vulnerability":"VCID-6w5z-nvj8-wke8"},{"vulnerability":"VCID-7tpb-1avq-zfhu"},{"vulnerability":"VCID-8fkr-xfw6-ffcj"},{"vulnerability":"VCID-8k51-budg-h3ak"},{"vulnerability":"VCID-8tff-qn8m-r3hc"},{"vulnerability":"VCID-8vqk-5ha5-4bae"},{"vulnerability":"VCID-9mx6-54u5-fugf"},{"vulnerability":"VCID-ajev-ydxv-nbd5"},{"vulnerability":"VCID-aku3-vveb-gugg"},{"vulnerability":"VCID-b214-zgc8-4qdh"},{"vulnerability":"VCID-b4yy-mtkz-hybq"},{"vulnerability":"VCID-b64e-gffa-5kg7"},{"vulnerability":"VCID-bfsb-58cj-mfaa"},{"vulnerability":"VCID-c229-su7g-v3dg"},{"vulnerability":"VCID-cjzd-5q9t-nfek"},{"vulnerability":"VCID-cnr9-cykp-bbaw"},{"vulnerability":"VCID-e4ep-gxfy-jbah"},{"vulnerability":"VCID-ecpv-3xqn-eqf8"},{"vulnerability":"VCID-emzq-e5ru-w3cx"},{"vulnerability":"VCID-gj1u-m1qq-1qb1"},{"vulnerability":"VCID-gnxm-rq5g-g3d9"},{"vulnerability":"VCID-gvt4-1vk8-8fbx"},{"vulnerability":"VCID-h2wj-7wb2-x3hz"},{"vulnerability":"VCID-hygm-7h9w-x7cs"},{"vulnerability":"VCID-kfmg-41jk-qfh6"},{"vulnerability":"VCID-kppj-ng9a-9fhs"},{"vulnerability":"VCID-naqh-qumg-37gh"},{"vulnerability":"VCID-p68j-sbvd-yuh4"},{"vulnerability":"VCID-pb65-wunz-tye6"},{"vulnerability":"VCID-q6zp-tnjb-pye3"},{"vulnerability":"VCID-qhsm-g24v-k7gj"},{"vulnerability":"VCID-qpnp-kehq-f7gm"},{"vulnerability":"VCID-rp5d-6b4k-33g5"},{"vulnerability":"VCID-rrh1-efbq-tugt"},{"vulnerability":"VCID-rrz3-kbbd-eyhq"},{"vulnerability":"VCID-spjh-4tvh-gyca"},{"vulnerability":"VCID-tpbv-urbk-h7gf"},{"vulnerability":"VCID-tq9d-mguz-8bhp"},{"vulnerability":"VCID-txxg-bugj-6bd4"},{"vulnerability":"VCID-u37t-naar-pbav"},{"vulnerability":"VCID-uerm-mjrz-vyg4"},{"vulnerability":"VCID-ufhy-fdmw-hkdv"},{"vulnerability":"VCID-vjqh-59nn-5ude"},{"vulnerability":"VCID-wcpf-w4c4-ubba"},{"vulnerability":"VCID-x1gz-3d4a-1qdy"},{"vulnerability":"VCID-xt5z-y1n5-37fn"},{"vulnerability":"VCID-yckn-74u4-pkaw"},{"vulnerability":"VCID-yh2p-b5px-b7hz"},{"vulnerability":"VCID-yn5s-m3hv-7be8"},{"vulnerability":"VCID-z4qa-mnne-pyay"},{"vulnerability":"VCID-z8kb-6u51-8bd9"},{"vulnerability":"VCID-zr1w-jzzj-a7gd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.1.11"}],"aliases":["CVE-2023-0787","GHSA-gxxj-x426-xj2w"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zwsu-pwxb-u3h5"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/thorsten/phpmyfaq@3.0.4"}