CNNVD-202512-4963 Information
CNNVD ID
CNNVD-202512-4963
Related CVE
- CNNVD Published: 2025-12-29
Description (Chinese)
phpMyFAQ是Thorsten Rinne个人开发者的一个多语言、完全由数据库驱动的常见问题解答系统。 phpMyFAQ 4.0.14版本和4.0.15版本存在跨站脚本漏洞,该漏洞源于服务器端解码后未转义,可能导致存储型跨站脚本攻击。
Description (English)
phpMyFAQ is a multilingual, database-driven, common-question answer system for Thorsten Rinne personal developers. The phpMyFAQ, Versions 4.0.14 and 4.0.15 have a cross-site script loophole, which stems from the fact that the server end has been decoded and has not been converted, which may result in a storage-type cross-site script attack.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
个人开发者
Published
2025-12-29
Last Modified
2026-02-24
References
https://github.com/thorsten/phpMyFAQ/commit/8211d1d25951b4c272443cfc3ef9c09b1363fd87 https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-jv8r-hv7q-p6vc https://github.com/thorsten/phpMyFAQ/commit/61829e83411f7b28bc6fd1052bfde54c32c6c370 https://access.redhat.com/security/cve/cve-2025-68951
Patch
https://www.phpmyfaq.de/download/
Share on: