CVE-2023-1758

Medium

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to…

@huntrdev·CWE-75·Published 2023-04-05

CVSS

5.4

EPSS

0.01

KEV

Exploits

cve.orgen

143 chars

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

NVDen

143 chars

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input in the FAQ comment username parameter. This has been fixed in 3.1.12.

GHSAen

194 chars

thorsten/phpmyfaq prior to 3.1.12 is vulnerable to stored cross-site scripting (XSS) because it fails to sanitize user input in the FAQ comment username parameter. This has been fixed in 3.1.12.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.0	Primary	cve.org	8.9	—	—	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
3.0	Primary	cve.org	8.9	—	—	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
3.0	Secondary	NVD	8.9	2.3	6.0	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
3.1	Primary	NVD	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3.1	Secondary	GHSA	8.9	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L