CVE-2024-27300
- Source
- https://cve.org/CVERecord?id=CVE-2024-27300
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-27300.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-27300
- Aliases
- Published
- 2024-03-25T18:30:35.810Z
- Modified
- 2025-11-30T17:55:16.100806Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- phpMyFAQ Stored XSS at user email
- Details
-
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The
emailfield in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP'sFILTER_VALIDATE_EMAILfunction, which only validates the email format, not its content. This vulnerability enables an attacker to execute arbitrary client-side JavaScript within the context of another user's phpMyFAQ session. This vulnerability is fixed in 3.2.6. - Database specific
{ "cwe_ids": [ "CWE-79" ], "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/27xxx/CVE-2024-27300.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/27xxx/CVE-2024-27300.json
- https://github.com/thorsten/phpMyFAQ/commit/09336b0ff0e0a04aa0c97c5975651af4769d2459
- https://github.com/thorsten/phpMyFAQ/commit/de90315c9bd4ead5fe6ba5586f6b016843aa8209
- https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-q7g6-xfh2-vhpx
- https://nvd.nist.gov/vuln/detail/CVE-2024-27300
Affected packages
Git / github.com/thorsten/phpmyfaq
Affected ranges
- Type
- GIT
- Repo
- https://github.com/thorsten/phpmyfaq
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2.*
2.10.0-alpha
2.5.2
2.5.3
2.5.4
2.5.5
2.5.6
2.5.7
2.6.0
2.6.0-RC
2.6.0-alpha
2.6.0-beta
2.6.1
2.6.10
2.6.11
2.6.12
2.6.13
2.6.14
2.6.15
2.6.16
2.6.17
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.6.8
2.6.9
2.7.0
2.7.0-RC
2.7.0-alpha
2.7.0-alpha2
2.7.0-beta
2.7.0-beta2
2.7.0-beta3
2.7.1
2.7.2
2.7.3
2.7.4
2.7.5
2.7.6
2.7.7
2.7.8
2.7.9
2.8.0
2.8.0-RC
2.8.0-RC2
2.8.0-RC3
2.8.0-RC4
2.8.0-alpha
2.8.0-alpha2
2.8.0-alpha3
2.8.0-beta
2.8.0-beta2
2.8.0-beta3
2.8.1
2.8.10
2.8.11
2.8.12
2.8.13
2.8.14
2.8.15
2.8.16
2.8.17
2.8.18
2.8.19
2.8.2
2.8.20
2.8.21
2.8.22
2.8.23
2.8.24
2.8.25
2.8.26
2.8.27
2.8.28
2.8.29
2.8.3
2.8.4
2.8.5
2.8.6
2.8.7
2.8.8
2.8.9
2.9.0
2.9.0-RC
2.9.0-RC2
2.9.0-RC3
2.9.0-RC4
2.9.0-alpha
2.9.0-alpha2
2.9.0-alpha3
2.9.0-alpha4
2.9.0-beta
2.9.0-beta2
2.9.1
2.9.2
2.9.3
2.9.4
2.9.5
2.9.6
2.9.7
2.9.8
2.9.9
3.*
3.0.0
3.0.0-RC
3.0.0-RC.2
3.0.0-alpha
3.0.0-alpha.2
3.0.0-alpha.3
3.0.0-alpha.4
3.0.0-beta
3.0.0-beta.2
3.0.0-beta.3
3.0.1
3.0.10
3.0.11
3.0.12
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.1.0
3.1.0-RC
3.1.0-alpha
3.1.0-alpha.2
3.1.0-alpha.3
3.1.0-beta
3.1.1
3.1.10
3.1.11
3.1.12
3.1.13
3.1.14
3.1.15
3.1.16
3.1.17
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
3.1.7
3.1.8
3.1.9
3.2.0
3.2.0-RC
3.2.0-RC.2
3.2.0-RC.4
3.2.0-alpha
3.2.0-beta
3.2.0-beta.2
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5