CVE-2024-28106
- Reference to the description:
- Description:
- phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability is fixed in 3.2.6.
- Last updated date:
- 01/09/2025
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 01/09/2025
- Reference url to background
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r