CVE-2023-3469
phpMyFAQ Cross-site Scripting
5.2
MEDIUM
CVSS 3.1
EPSS 0.18%
Description
phpMyFAQ prior to 3.2.0-beta.2 contains a cross-site scripting vulnerability. When an administrator restores a backup from a file, a specially crafted file can trigger an error that is displayed on the web page. Since the error message contains the invalid part of the file, any JavaScript code in the file is executed.
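The flaw described above, shown as an added example that is not phpMyFAQ's own code: a restore-error renderer that echoes the rejected part of the backup file as-is, next to one that HTML-encodes it on output. The function names, the markup and the sample backup line are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical renderers for a "restore failed" message; not taken from phpMyFAQ.

// Vulnerable pattern: the rejected fragment of the uploaded backup file and the
// database error are concatenated into the page without encoding, so markup
// inside the file becomes markup in the administrator's browser.
function renderRestoreErrorUnsafe(string $badLine, string $dbError): string
{
    return '<p class="error">Restore failed at: ' . $badLine
        . ' (' . $dbError . ')</p>';
}

// Hardened pattern: every value that originated in the file is HTML-encoded at
// the point of output. ENT_QUOTES covers both quote styles and ENT_SUBSTITUTE
// replaces invalid byte sequences instead of returning an empty string.
function renderRestoreErrorSafe(string $badLine, string $dbError): string
{
    $enc = static fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');

    return '<p class="error">Restore failed at: ' . $enc($badLine)
        . ' (' . $enc($dbError) . ')</p>';
}

// Constructed sample: a malformed statement from a backup file, and the error
// text a database layer might return, which repeats part of the statement.
$badLine = 'INSERT INTO example VALUES (<script>alert(1)</script>);';
$dbError = 'syntax error near "<script>alert(1)</script>"';

echo renderRestoreErrorUnsafe($badLine, $dbError), PHP_EOL; // <script> reaches the page intact
echo renderRestoreErrorSafe($badLine, $dbError), PHP_EOL;   // rendered as &lt;script&gt;... text
```

The database error string is encoded as well because it can repeat the offending statement, which makes it file-controlled too.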
How to fix CVE-2023-3469
To remediate CVE-2023-3469, upgrade the affected package to a fixed version below.
- upgrade to 3.2.0-beta.2 or later
Is CVE-2023-3469 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 3.2.0-beta.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.2 | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N |