phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Phpmyfaq |
|
No data.
No data.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2024-0558 | phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5. |
 Github GHSA |
GHSA-7m8g-fprr-47fx | phpMyFAQ vulnerable to stored XSS on attachments filename |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Tue, 17 Jun 2025 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-06-17T14:01:12.409Z
Reserved: 2024-01-25T15:09:40.211Z
Link: CVE-2024-24574
Vulnrichment
Updated: 2024-08-01T23:19:52.930Z
NVD
Status : Modified
Published: 2024-02-05T21:15:12.340
Modified: 2024-11-21T08:59:27.143
Link: CVE-2024-24574
Redhat
No data.
OpenCVE Enrichment
No data.