Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-wgqs-pf23-dkdb
Summary phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability is fixed in 3.2.6.
Aliases
0
alias CVE-2024-28106
1
alias GHSA-6p68-36m6-392r
Fixed_packages
0
url pkg:composer/phpmyfaq/phpmyfaq@3.2.6
purl pkg:composer/phpmyfaq/phpmyfaq@3.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-2na9-t3m7-wfhn
2
vulnerability VCID-57ev-2w6v-mbbs
3
vulnerability VCID-5pw3-qxh6-6ufr
4
vulnerability VCID-5wsg-7979-dqgs
5
vulnerability VCID-6jmj-n5mz-bba8
6
vulnerability VCID-7tpb-1avq-zfhu
7
vulnerability VCID-8k51-budg-h3ak
8
vulnerability VCID-a9tb-yj7x-pya1
9
vulnerability VCID-ecpv-3xqn-eqf8
10
vulnerability VCID-p68j-sbvd-yuh4
11
vulnerability VCID-qhsm-g24v-k7gj
12
vulnerability VCID-rrz3-kbbd-eyhq
13
vulnerability VCID-tpbv-urbk-h7gf
14
vulnerability VCID-txxg-bugj-6bd4
15
vulnerability VCID-vjqh-59nn-5ude
16
vulnerability VCID-yckn-74u4-pkaw
17
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@3.2.6
1
url pkg:composer/phpmyfaq/phpmyfaq@4.0.0-alpha
purl pkg:composer/phpmyfaq/phpmyfaq@4.0.0-alpha
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qwx-htn1-4bg8
1
vulnerability VCID-2na9-t3m7-wfhn
2
vulnerability VCID-57ev-2w6v-mbbs
3
vulnerability VCID-5ez6-qnbc-nfgb
4
vulnerability VCID-5pw3-qxh6-6ufr
5
vulnerability VCID-5wsg-7979-dqgs
6
vulnerability VCID-6jmj-n5mz-bba8
7
vulnerability VCID-7tpb-1avq-zfhu
8
vulnerability VCID-8k51-budg-h3ak
9
vulnerability VCID-a9tb-yj7x-pya1
10
vulnerability VCID-ecpv-3xqn-eqf8
11
vulnerability VCID-p68j-sbvd-yuh4
12
vulnerability VCID-qhsm-g24v-k7gj
13
vulnerability VCID-rrz3-kbbd-eyhq
14
vulnerability VCID-tpbv-urbk-h7gf
15
vulnerability VCID-txxg-bugj-6bd4
16
vulnerability VCID-vjqh-59nn-5ude
17
vulnerability VCID-yckn-74u4-pkaw
18
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@4.0.0-alpha
Affected_packages
0
url pkg:composer/phpmyfaq/phpmyfaq@3.2.5
purl pkg:composer/phpmyfaq/phpmyfaq@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-129s-b67r-uyfw
1
vulnerability VCID-1qwx-htn1-4bg8
2
vulnerability VCID-2na9-t3m7-wfhn
3
vulnerability VCID-5256-zeqq-yqas
4
vulnerability VCID-527w-e1dv-qyhe
5
vulnerability VCID-57ev-2w6v-mbbs
6
vulnerability VCID-5pw3-qxh6-6ufr
7
vulnerability VCID-5wsg-7979-dqgs
8
vulnerability VCID-6jmj-n5mz-bba8
9
vulnerability VCID-7tpb-1avq-zfhu
10
vulnerability VCID-8k51-budg-h3ak
11
vulnerability VCID-a9tb-yj7x-pya1
12
vulnerability VCID-cq9g-8pv2-bfcm
13
vulnerability VCID-ecpv-3xqn-eqf8
14
vulnerability VCID-p68j-sbvd-yuh4
15
vulnerability VCID-q524-u3fc-2uac
16
vulnerability VCID-qhsm-g24v-k7gj
17
vulnerability VCID-qtya-dhhw-uqa9
18
vulnerability VCID-rrz3-kbbd-eyhq
19
vulnerability VCID-tpbv-urbk-h7gf
20
vulnerability VCID-txxg-bugj-6bd4
21
vulnerability VCID-vjqh-59nn-5ude
22
vulnerability VCID-wgqs-pf23-dkdb
23
vulnerability VCID-yckn-74u4-pkaw
24
vulnerability VCID-yjdz-bsf2-xbfz
25
vulnerability VCID-zr1w-jzzj-a7gd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyfaq/phpmyfaq@3.2.5
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28106
reference_id
reference_type
scores
0
value 0.00157
scoring_system epss
scoring_elements 0.36473
published_at 2026-06-14T12:55:00Z
1
value 0.00157
scoring_system epss
scoring_elements 0.36485
published_at 2026-06-13T12:55:00Z
2
value 0.00157
scoring_system epss
scoring_elements 0.3646
published_at 2026-06-12T12:55:00Z
3
value 0.00157
scoring_system epss
scoring_elements 0.36279
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28106
1
reference_url https://github.com/thorsten/phpMyFAQ
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/thorsten/phpMyFAQ
2
reference_url https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a
reference_id c94b3deadd87789389e1fad162bc3dd595c0e15a
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T00:06:05Z/
url https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28106
reference_id CVE-2024-28106
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28106
4
reference_url https://github.com/advisories/GHSA-6p68-36m6-392r
reference_id GHSA-6p68-36m6-392r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6p68-36m6-392r
5
reference_url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r
reference_id GHSA-6p68-36m6-392r
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T00:06:05Z/
url https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r
Weaknesses
0
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wgqs-pf23-dkdb