CVE-2023-6890

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Dec 16, 2023

Updated: Feb 8, 2024

CWE ID 79

Summary

CVE-2023-6890 refers to a Cross-Site Scripting (XSS) vulnerability discovered in the GitHub repository thorsten/phpmyfaq before version 3.1.17. Malicious scripts injected into the affected software could be stored and executed in users' browsers when they view a crafted webpage. This issue poses a significant security risk as it allows attackers to steal sensitive information, manipulate webpages, or even gain unauthorized access to user accounts. Users of the phpmyfaq software are strongly advised to update to the latest version to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Phpmyfaq

Affected Vendors

Phpmyfaq

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/t0qJFB
https://www.cve.org/CVERecord?id=CVE-2023-6890
https://nvd.nist.gov/vuln/detail/CVE-2023-6890

Back to Vulnerability Database