CVE-2023-4007

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Jul 31, 2023

Updated: Aug 3, 2023

CWE ID 362

Summary

CVE-2023-40 Thorsten's phpMyFAQ repository, versions prior to 3.1.16, harbors a Cross-site Scripting (XSS) vulnerability. An attacker can exploit this stored XSS flaw by injecting malicious scripts into the affected FAQ application. Successful exploitation allows the attacker to execute arbitrary code in the context of the vulnerable website, potentially leading to unauthorized access or data theft. Users are advised to upgrade to the patched version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Android

Affected Vendors

Google

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sRbXR8
https://www.cve.org/CVERecord?id=CVE-2023-4007
https://nvd.nist.gov/vuln/detail/CVE-2023-4007

Back to Vulnerability Database