Home > Vulnerability Database > CVE-2024-29179

Mend.io Vulnerability Database

CVE-2024-29179

Good to know:

Date: March 25, 2024

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks.

Language: PHP

Severity Score

4.3

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-29179

Url: https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hm8r-95g3-5hj9

Url: https://www.mend.io/vulnerability-database/CVE-2024-29179

Severity Score

4.3

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version 3.2.6

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-29179

Good to know:

Date: March 25, 2024

Language: PHP

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?