FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-16 12:24:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
8b3be705-eba7-11ee-99b3-589cfc0f81b0	phpmyfaq -- multiple vulnerabilities phpMyFAQ team reports: The phpMyFAQ Team has learned of multiple security issues that'd been discovered in phpMyFAQ 3.2.5 and earlier. phpMyFAQ contains cross-site scripting (XSS), SQL injection and bypass vulnerabilities. Discovery 2024-03-25 Entry 2024-03-26 phpmyfaq-php81 phpmyfaq-php82 phpmyfaq-php83 < 3.2.6 https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72 https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hm8r-95g3-5hj9 https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqh https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-2grw-mc9r-822r https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pwh2-fpfr-x5gf https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-q7g6-xfh2-vhpx https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-qgxx-4xv5-6hcw
cbfc1591-c8c0-11ee-b45a-589cfc0f81b0	phpmyfaq -- multiple vulnerabilities phpMyFAQ team reports: phpMyFAQ doesn't implement sufficient checks to avoid XSS when storing on attachments filenames. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account. Discovery 2024-02-05 Entry 2024-02-11 phpmyfaq-php81 phpmyfaq-php82 phpmyfaq-php83 < 3.2.5 https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6648-6g96-mg35

VuXML ID

Description

8b3be705-eba7-11ee-99b3-589cfc0f81b0

phpmyfaq -- multiple vulnerabilities

phpMyFAQ team reports:

The phpMyFAQ Team has learned of multiple security issues that'd been discovered in phpMyFAQ 3.2.5 and earlier. phpMyFAQ contains cross-site scripting (XSS), SQL injection and bypass vulnerabilities.

Discovery 2024-03-25
Entry 2024-03-26
phpmyfaq-php81
phpmyfaq-php82
phpmyfaq-php83

< 3.2.6

https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hm8r-95g3-5hj9
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqh
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-2grw-mc9r-822r
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pwh2-fpfr-x5gf
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-q7g6-xfh2-vhpx
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-qgxx-4xv5-6hcw

cbfc1591-c8c0-11ee-b45a-589cfc0f81b0

phpmyfaq -- multiple vulnerabilities

phpMyFAQ team reports:

phpMyFAQ doesn't implement sufficient checks to avoid XSS when storing on attachments filenames. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. phpMyFAQ's user removal page allows an attacker to spoof another user's detail, and in turn make a compelling phishing case for removing another user's account.

Discovery 2024-02-05
Entry 2024-02-11
phpmyfaq-php81
phpmyfaq-php82
phpmyfaq-php83

< 3.2.5

https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6648-6g96-mg35