Home > Vulnerability Database > CVE-2024-29179

Mend.io Vulnerability Database

CVE-2024-29179

Date: March 25, 2024

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks.

Language: PHP

Severity Score

4.8

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-29179

Url: https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hm8r-95g3-5hj9

Url: https://github.com/thorsten/phpMyFAQ

Url: https://www.mend.io/vulnerability-database/CVE-2024-29179

Severity Score

4.8

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	4.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-29179

Date: March 25, 2024

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?