CVE-2024-28108: phpMyFAQ Stored HTML Injection at contentLink
Due to insufficient validation on the contentLink parameter, it is possible for unauthenticated users to inject HTML code into the page, which might affect other users. Exploitation also requires that adding new FAQs is allowed for guests and that the admin doesn't check the content of a newly added FAQ.
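One way to close this class of bug, shown as an added example that is not phpMyFAQ's code or its actual patch: validate the guest-submitted link before it is stored, then validate and encode it again when it is rendered. The function names and the sample values are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers (not phpMyFAQ's code): treat a guest-submitted link
// field such as contentLink as untrusted both when stored and when rendered.

/** Return the link if it is a plain http(s) URL, otherwise null. */
function validateContentLink(string $raw): ?string
{
    $candidate = trim($raw);
    // Reject markup metacharacters, whitespace and control bytes outright.
    if ($candidate === '' || preg_match('/[<>"\'`\s\x00-\x1F\x7F]/', $candidate) === 1) {
        return null;
    }
    if (filter_var($candidate, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    // Allow-list the scheme; FILTER_VALIDATE_URL alone accepts other schemes.
    $scheme = strtolower((string) parse_url($candidate, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $candidate : null;
}

/** Render a stored link, re-validating and encoding it for HTML output. */
function renderContentLink(?string $stored): string
{
    $link = $stored === null ? null : validateContentLink($stored);
    if ($link === null) {
        return ''; // render nothing rather than echo an untrusted value
    }
    $safe = htmlspecialchars($link, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<a href="' . $safe . '" rel="noopener noreferrer nofollow">' . $safe . '</a>';
}

// Constructed sample submissions: a valid link, a value carrying markup,
// and a value with a non-http scheme.
$samples = [
    'https://example.com/faq?id=1&lang=en',
    'https://example.com/"><b>injected</b>',
    'javascript:alert(1)',
];
foreach ($samples as $sample) {
    printf("%-40s => %s\n", $sample, var_export(renderContentLink($sample), true));
}
```

Only the first sample produces an anchor element; the other two render as an empty string. Validating again at render time also covers rows that were stored before the input check existed.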