FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
33888815-631e-4bba-b776-a9b46fe177b5phpmyfaq -- multiple issues

phpmyfaq developers report:

Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action.

Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module.


Discovery 2017-09-20
Entry 2017-09-29
phpmyfaq
le 2.9.8

https://www.exploit-db.com/exploits/42761/
https://github.com/thorsten/phpMyFAQ/commit/30b0025e19bd95ba28f4eff4d259671e7bb6bb86
CVE-2017-14618
CVE-2017-14619
f87a9376-0943-11e6-8fc4-00a0986f28c4phpmyfaq -- cross-site request forgery vulnerability

The phpMyFAQ team reports:

The vulnerability exists due to application does not properly verify origin of HTTP requests in "Interface Translation" functionality.: A remote unauthenticated attacker can create a specially crafted malicious web page with CSRF exploit, trick a logged-in administrator to visit the page, spoof the HTTP request, as if it was coming from the legitimate user, inject and execute arbitrary PHP code on the target system with privileges of the webserver.


Discovery 2016-04-11
Entry 2016-04-23
phpmyfaq
< 2.8.27

http://www.phpmyfaq.de/security/advisory-2016-04-11
https://www.htbridge.com/advisory/HTB23300
1f655433-551b-11eb-9cda-589cfc0f81b0phpmyfaq -- XSS vulnerability

phpmyfaq developers report:

phpMyFAQ does not implement sufficient checks to avoid XSS injection for displaying tags.


Discovery 2020-12-23
Entry 2021-01-12
phpmyfaq
le 3.0.6

https://www.phpmyfaq.de/security/advisory-2020-12-23
3b86583a-66a7-11e3-868f-0025905a4771phpmyfaq -- arbitrary PHP code execution vulnerability

The phpMyFAQ team reports:

Secunia noticed while analysing the advisory that authenticated users with "Right to add attachments" are able to exploit an already publicly known issue in the bundled Ajax File Manager of phpMyFAQ version 2.8.3, which leads to arbitrary PHP code execution for authenticated users with the permission "Right to add attachments".


Discovery 2013-11-26
Entry 2013-12-16
Modified 2013-12-17
phpmyfaq
< 2.8.4

http://en.securitylab.ru/lab/PT-2013-41
http://www.phpmyfaq.de/advisory_2013-11-26.php
4dd575b8-8f82-11e3-bb11-0025905a4771phpmyfaq -- multiple vulnerabilities

The phpMyFAQ team reports:

An arbitrary script may be executed on the user's Internet Explorer when using an older version of the browser. If a user views a malicious page while logged in, settings may be changed unintentionally.


Discovery 2014-02-04
Entry 2014-02-06
phpmyfaq
< 2.8.6

CVE-2014-0813
CVE-2014-0814
http://www.phpmyfaq.de/advisory_2014-02-04.php