| CVE-2026-46363 |
medium |
5.4 |
5.4 |
12d ago |
phpMyFAQ: Stored XSS in FAQ Question/Answer via Encode-Decode Bypass of removeAttributes() Sanitization |
|
| CVE-2026-46365 |
medium |
5.4 |
5.4 |
12d ago |
phpMyFAQ: Missing Authorization on Tag Deletion Allows Any Authenticated User to Delete Tags |
|
| CVE-2026-46360 |
medium |
5.4 |
5.4 |
12d ago |
phpMyFAQ: SVG Sanitizer Entity Decoding Depth Limit Bypass Leading to Stored XSS |
|
| CVE-2026-45009 |
medium |
4.3 |
4.3 |
12d ago |
phpMyFAQ: Ordinary Authenticated User Can Access Admin-Only API Endpoints Due to Insufficient Authorization Check |
|
| CVE-2026-34974 |
unknown |
— |
— |
2mo ago |
phpMyFAQ: SVG Sanitizer Bypass via HTML Entity Encoding Leads to Stored XSS and Privilege Escalation |
|
| CVE-2026-34973 |
unknown |
— |
— |
2mo ago |
phpMyFAQ has a LIKE Wildcard Injection in Search.php — Unescaped % and _ Metacharacters Enable Broad Content Disclosure |
|
| CVE-2026-32629 |
unknown |
— |
— |
2mo ago |
phpMyFAQ is Vulnerable to Stored XSS via Unsanitized Email Field in Admin FAQ Editor |
|
| CVE-2026-27836 |
unknown |
— |
— |
3mo ago |
phpMyFAQ Allows Unauthenticated Account Creation via WebAuthn Prepare Endpoint |
|
| CVE-2026-24422 |
unknown |
— |
— |
4mo ago |
phpMyFAQ: Public API endpoints expose emails and invisible questions |
|
| CVE-2026-24421 |
unknown |
— |
— |
4mo ago |
phpMyFAQ: /api/setup/backup accessible to any authenticated user (authz missing) |
|
| CVE-2026-24420 |
unknown |
— |
— |
4mo ago |
phpMyFAQ: Attachment download allowed without dlattachment right (broken access control) |
|
| CVE-2025-69200 |
unknown |
— |
— |
5mo ago |
phpMyFAQ has unauthenticated config backup download via /api/setup/backup |
|
| CVE-2025-68951 |
unknown |
— |
— |
5mo ago |
phpMyFAQ has Stored XSS in user list via admin-managed display_name |
|
| CVE-2023-53929 |
unknown |
— |
— |
5mo ago |
phpMyFAQ contains a CSV injection vulnerability |
|
| CVE-2025-62519 |
unknown |
— |
— |
6mo ago |
phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality |
|
| CVE-2025-59943 |
unknown |
— |
— |
8mo ago |
phpMyFAQ duplicate email registration allows multiple accounts with the same email |
|
| CVE-2024-56199 |
unknown |
— |
— |
1y ago |
phpMyFAQ Vulnerable to Stored HTML Injection at FAQ |
|
| CVE-2024-55889 |
unknown |
— |
— |
2y ago |
thorsten/phpmyfaq Unintended File Download Triggered by Embedded Frames |
|
| CVE-2024-54141 |
unknown |
— |
— |
2y ago |
phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available |
|
| CVE-2023-6889 |
unknown |
— |
— |
3y ago |
phpMyFAQ Cross-site Scripting vulnerability |
|
| CVE-2023-6890 |
unknown |
— |
— |
3y ago |
phpMyFAQ Cross-site Scripting vulnerability |
|
| CVE-2023-5865 |
unknown |
— |
— |
3y ago |
Insufficient Session Expiration in thorsten/phpmyfaq |
|
| CVE-2023-5867 |
unknown |
— |
— |
3y ago |
Cross-site Scripting (XSS) in thorsten/phpmyfaq |
|
| CVE-2023-5866 |
unknown |
— |
— |
3y ago |
Sensitive cookie in HTTPS session without 'Secure' attribute in thorsten/phpmyfaq |
|
| CVE-2023-5864 |
unknown |
— |
— |
3y ago |
phpMyFAQ Cross-site Scripting vulnerability |
|
| CVE-2023-5863 |
unknown |
— |
— |
3y ago |
phpMyFAQ Cross-site Scripting vulnerability |
|
| CVE-2023-5227 |
unknown |
— |
— |
3y ago |
phpMyFAQ allows unrestricted file types in image field |
|
| CVE-2023-5319 |
unknown |
— |
— |
3y ago |
phpMyFAQ Cross-site Scripting vulnerability |
|
| CVE-2023-5317 |
unknown |
— |
— |
3y ago |
phpMyFaq Cross-site Scripting vulnerability |
|
| CVE-2023-5316 |
unknown |
— |
— |
3y ago |
phpMyFAQ Cross-site Scripting vulnerability |
|
| CVE-2023-5320 |
unknown |
— |
— |
3y ago |
phpMyFAQ Cross-site Scripting vulnerability |
|
| CVE-2023-4006 |
unknown |
— |
— |
3y ago |
phpMyFAQ Improper Neutralization of Formula Elements in a CSV File vulnerability |
|
| CVE-2023-4007 |
unknown |
— |
— |
3y ago |
phpMyFAQ Stored Cross-site Scripting vulnerability |
|
| CVE-2023-3469 |
unknown |
— |
— |
3y ago |
phpMyFAQ Cross-site Scripting |
|
| CVE-2023-2998 |
unknown |
— |
— |
3y ago |
thorsten/phpmyfaq vulnerable to cross-site scripting |
|
| CVE-2023-2999 |
unknown |
— |
— |
3y ago |
thorsten/phpmyfaq vulnerable to cross-site scripting |
|
| CVE-2023-2752 |
unknown |
— |
— |
3y ago |
phpMyFAQ vulnerable to stored Cross-site Scripting |
|
| CVE-2023-2753 |
unknown |
— |
— |
3y ago |
phpMyFAQ vulnerable to stored Cross-site Scripting |
|
| CVE-2023-2427 |
unknown |
— |
— |
3y ago |
Cross Site Scripting in thorsten/phpmyfaq |
|
| CVE-2023-2550 |
unknown |
— |
— |
3y ago |
Cross Site Scripting in thorsten/phpmyfaq |
|
| CVE-2023-2429 |
unknown |
— |
— |
3y ago |
phpMyFAQ Improper Access Control vulnerability |
|
| CVE-2023-2428 |
unknown |
— |
— |
3y ago |
phpMyFAQ vulnerable to Stored Cross-site Scripting |
|
| CVE-2023-1875 |
unknown |
— |
— |
3y ago |
Cross-site Scripting in thorsten/phpmyfaq |
|
| CVE-2023-1882 |
unknown |
— |
— |
3y ago |
thorsten/phpmyfaq vulnerable to DOM cross-site scripting (XSS) via configuration privacy note URL parameter |
|
| CVE-2023-1885 |
unknown |
— |
— |
3y ago |
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via category field name parameter |
|
| CVE-2023-1883 |
unknown |
— |
— |
3y ago |
thorsten/phpmyfaq vulnerable to improper access control |
|
| CVE-2023-1886 |
unknown |
— |
— |
3y ago |
thorsten/phpmyfaq vulnerable to authentication bypass |
|
| CVE-2023-1756 |
unknown |
— |
— |
3y ago |
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via HTML export |
|
| CVE-2023-1878 |
unknown |
— |
— |
3y ago |
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via adminlog |
|
| CVE-2023-1884 |
unknown |
— |
— |
3y ago |
thorsten/phpmyfaq vulnerable to cross-site scripting (XSS) via stopword parameter |
|
| CVE-2023-1887 |
unknown |
— |
— |
3y ago |
thorsten/phpmyfaq vulnerable to business logic errors |
|
| CVE-2023-1880 |
unknown |
— |
— |
3y ago |
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via artlang parameter |
|
| CVE-2023-1879 |
unknown |
— |
— |
3y ago |
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via updatecategory parameter |
|
| CVE-2023-1758 |
unknown |
— |
— |
3y ago |
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) in FAQ comment username parameter |
|
| CVE-2023-1757 |
unknown |
— |
— |
3y ago |
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via FAQ News link parameter |
|
| CVE-2023-1760 |
unknown |
— |
— |
3y ago |
phpMyFAQ Stored Cross-site Scripting vulnerability |
|
| CVE-2023-1754 |
unknown |
— |
— |
3y ago |
phpMyFAQ vulnerable to improper input validation |
|
| CVE-2023-1755 |
unknown |
— |
— |
3y ago |
phpMyFAQ Cross-site Scripting vulnerability |
|
| CVE-2023-1753 |
unknown |
— |
— |
3y ago |
phpMyFAQ has weak password requirements |
|
| CVE-2023-1759 |
unknown |
— |
— |
3y ago |
phpMyFAQ Stored Cross-site Scripting vulnerability |
|
| CVE-2023-1761 |
unknown |
— |
— |
3y ago |
phpMyFAQ Code Injection vulnerability |
|
| CVE-2023-1762 |
unknown |
— |
— |
3y ago |
thorsten/phpmyfaq vulnerable privilege escalation from improper privilege management |
|
| CVE-2023-0880 |
unknown |
— |
— |
3y ago |
Misinterpretation of Input in thorsten/phpmyfaq |
|
| CVE-2023-0794 |
unknown |
— |
— |
3y ago |
Cross-site Scripting in thorsten/phpmyfaq |
|
| CVE-2023-0787 |
unknown |
— |
— |
3y ago |
Cross-site Scripting in thorsten/phpmyfaq |
|
| CVE-2023-0791 |
unknown |
— |
— |
3y ago |
Cross-site Scripting in thorsten/phpmyfaq |
|
| CVE-2023-0786 |
unknown |
— |
— |
3y ago |
Cross-site Scripting in thorsten/phpmyfaq |
|
| CVE-2023-0789 |
unknown |
— |
— |
3y ago |
Command Injection in thorsten/phpmyfaq |
|
| CVE-2023-0790 |
unknown |
— |
— |
3y ago |
Uncaught Exception in thorsten/phpmyfaq |
|
| CVE-2023-0788 |
unknown |
— |
— |
3y ago |
Code Injection in thorsten/phpmyfaq |
|
| CVE-2023-0792 |
unknown |
— |
— |
3y ago |
Code Injection in thorsten/phpmyfaq |
|
| CVE-2023-0793 |
unknown |
— |
— |
3y ago |
Weak Password Requirements in thorsten/phpmyfaq |
|
| CVE-2023-0308 |
unknown |
— |
— |
3y ago |
phpMyFAQ Stored Cross-site Scripting vulnerability |
|
| CVE-2023-0306 |
unknown |
— |
— |
3y ago |
phpMyFAQ Stored Cross-site Scripting vulnerability |
|
| CVE-2023-0307 |
unknown |
— |
— |
3y ago |
phpMyFAQ has Weak Password Requirements |
|
| CVE-2023-0309 |
unknown |
— |
— |
3y ago |
phpMyFAQ Stored Cross-site Scripting vulnerability |
|
| CVE-2023-0314 |
unknown |
— |
— |
3y ago |
phpMyFAQ Reflected Cross-site Scripting vulnerability |
|
| CVE-2023-0313 |
unknown |
— |
— |
3y ago |
phpMyFAQ Stored Cross-site Scripting vulnerability |
|
| CVE-2023-0312 |
unknown |
— |
— |
3y ago |
thorsten/phpmyfaq is vulnerable to cross-site scripting (XSS) |
|
| CVE-2023-0311 |
unknown |
— |
— |
3y ago |
phpMyFAQ Improper Authentication vulnerability |
|
| CVE-2023-0310 |
unknown |
— |
— |
3y ago |
phpMyFAQ Stored Cross-site Scripting vulnerability |
|
| CVE-2022-4408 |
unknown |
— |
— |
4y ago |
phpMyFAQ vulnerable to Cross-site Scripting |
|
| CVE-2022-4407 |
unknown |
— |
— |
4y ago |
phpMyFAQ vulnerable to Cross-site Scripting |
|
| CVE-2022-4409 |
unknown |
— |
— |
4y ago |
phpMyFAQ has insecure HTTP cookies |
|
| CVE-2022-3765 |
unknown |
— |
— |
4y ago |
phpMyFAQ vulnerable to stored Cross-site Scripting |
|
| CVE-2022-3766 |
unknown |
— |
— |
4y ago |
phpMyFAQ vulnerable to reflected Cross-site Scripting |
|
| CVE-2022-3754 |
unknown |
— |
— |
4y ago |
phpMyFAQ contains Weak Password Requirements |
|
| CVE-2022-3608 |
unknown |
— |
— |
4y ago |
phpMyFAQ vulnerable to Cross-site Scripting |
|
| CVE-2018-16650 |
unknown |
— |
— |
4y ago |
phpMyFAQ CSRF |
|