Aggregates CVE and security vulnerability intelligence across all phpMyFAQ-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk csrf, vendor risk sql injection, vendor risk path handling, and vendor risk input validation and related problems; some flaws may lead to vendor impact data exposure.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-0787 | Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | [email protected] | 8.1 | 0.53% | 2023-02-12 | 2026-06-17 |
| CVE-2023-0786 | Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | [email protected] | 8.4 | 0.60% | 2023-02-12 | 2026-06-17 |
| CVE-2023-0314 | Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | [email protected] | 6.1 | 0.51% | 2023-01-15 | 2026-06-17 |
| CVE-2023-0313 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | [email protected] | 5.4 | 0.40% | 2023-01-15 | 2026-06-17 |
| CVE-2023-0312 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | [email protected] | 6.1 | 0.56% | 2023-01-15 | 2026-06-17 |
| CVE-2023-0311 | Improper Authentication in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | [email protected] | 9.8 | 0.93% | 2023-01-15 | 2026-06-17 |
| CVE-2023-0310 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | [email protected] | 5.4 | 0.55% | 2023-01-15 | 2026-06-17 |
| CVE-2023-0309 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | [email protected] | 5.4 | 0.49% | 2023-01-15 | 2026-06-17 |
| CVE-2023-0308 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | [email protected] | 5.4 | 0.49% | 2023-01-15 | 2026-06-17 |
| CVE-2023-0307 | Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | [email protected] | 9.8 | 0.64% | 2023-01-15 | 2026-06-17 |
| CVE-2023-0306 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | [email protected] | 5.4 | 0.54% | 2023-01-15 | 2026-06-17 |
| CVE-2022-4409 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9. | [email protected] | 7.5 | 0.42% | 2022-12-11 | 2026-06-17 |
| CVE-2022-4408 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.9. | [email protected] | 5.4 | 0.48% | 2022-12-11 | 2026-06-17 |
| CVE-2022-4407 | Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.9. | [email protected] | 6.1 | 4.38% | 2022-12-11 | 2026-06-17 |
| CVE-2022-3766 | Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8. | [email protected] | 6.1 | 5.74% | 2022-10-31 | 2026-06-17 |
| CVE-2022-3765 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8. | [email protected] | 5.4 | 0.53% | 2022-10-31 | 2026-06-17 |
| CVE-2022-3754 | Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8. | [email protected] | 9.8 | 1.14% | 2022-10-29 | 2026-06-17 |
| CVE-2022-3608 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha. | [email protected] | 8.4 | 0.92% | 2022-10-19 | 2026-06-17 |
| CVE-2018-16651 | The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports. | [email protected] | 7.2 | 1.37% | 2018-09-07 | 2026-06-16 |
| CVE-2018-16650 | phpMyFAQ before 2.9.11 allows CSRF. | [email protected] | 8.8 | 0.50% | 2018-09-07 | 2026-06-16 |