CVE-2024-24574: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An unsafe echo of a filename in phpMyFAQ\phpmyfaq\admin\attachments.php allows execution of JavaScript code on the client side (XSS). This vulnerability has been patched in version 3.2.5.
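The description names the flaw class, a filename echoed into admin HTML without output encoding. The PHP below is an added, constructed illustration of that pattern beside its hardened form; it is not phpMyFAQ's code and does not reproduce the line fixed in 3.2.5. The function names, the sample filename and the allow-list pattern are assumptions made for this example.

```php
<?php
// Constructed example (not phpMyFAQ's code): an admin attachment listing
// renders a stored filename into an HTML table cell.

// Unsafe pattern: the raw filename is concatenated straight into markup,
// so any markup characters in it are interpreted by the browser.
function renderRowUnsafe(string $filename): string
{
    return '<td>' . $filename . '</td>';
}

// Hardened pattern: encode for the HTML text context at the point of output.
// ENT_QUOTES covers both quote styles (needed if the value ever lands in an
// attribute), ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an
// empty string, and the charset is stated explicitly.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderRowSafe(string $filename): string
{
    return '<td>' . escapeHtml($filename) . '</td>';
}

// Defense in depth, assumed policy for this example: accept only a narrow
// character set at upload time so stored filenames never carry markup or
// path separators. Output encoding above is still required regardless.
function isAcceptableFilename(string $filename): bool
{
    return preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,254}\z/', $filename) === 1;
}

// Constructed sample values: one plain name, one containing markup characters.
$samples = ['report.pdf', 'report<b>.pdf'];

foreach ($samples as $name) {
    printf("accepted at upload: %s\n", isAcceptableFilename($name) ? 'yes' : 'no');
    echo 'unsafe: ', renderRowUnsafe($name), PHP_EOL;
    echo 'safe:   ', renderRowSafe($name), PHP_EOL;
}
```

The encoding step belongs at the output boundary (the template or echo), not at storage time: a value stored pre-encoded is easy to double-encode or to reuse in a non-HTML context where the encoding is wrong. The allow-list check on upload reduces exposure but does not replace encoding, since legitimate names can still be stored through other paths.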
References
- github.com/advisories/GHSA-7m8g-fprr-47fx
- github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5
- github.com/thorsten/phpMyFAQ/pull/2827
- github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx
- nvd.nist.gov/vuln/detail/CVE-2024-24574
- www.phpmyfaq.de/security/advisory-2024-02-05
Detect and mitigate CVE-2024-24574 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.