From b3506d6b828b0a211bedcadc9b3489ce1d53eb32 Mon Sep 17 00:00:00 2001 From: Florian Smeets Date: Sun, 11 Feb 2024 10:49:23 +0100 Subject: security/vuxml: add phpmyfaq < 3.2.5 --- security/vuxml/vuln/2024.xml | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index b9cafe0dcc71..5ce1aa06740f 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,38 @@ + + phpmyfaq -- multiple vulnerabilities + + + phpmyfaq-php81 + phpmyfaq-php82 + phpmyfaq-php83 + 3.2.5 + + + + +

phpMyFAQ team reports:

+
+

phpMyFAQ doesn't implement sufficient checks to avoid XSS when + storing on attachments filenames. The 'sharing FAQ' functionality + allows any unauthenticated actor to misuse the phpMyFAQ application + to send arbitrary emails to a large range of targets. phpMyFAQ's + user removal page allows an attacker to spoof another user's + detail, and in turn make a compelling phishing case for removing + another user's account.

+
+ +
+ + https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx + https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg + https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6648-6g96-mg35 + + + 2024-02-05 + 2024-02-11 + +
+ openexr -- Heap Overflow in Scanline Deep Data Parsing -- cgit v1.2.3
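Review bot: The references at the end of the new phpmyfaq entry list only the three GHSA advisory URLs, and no CVE identifier is visible; if upstream has assigned CVE ids to these advisories, add them as cvename references so the entry can also be matched by CVE. The quoted description also runs three separate issues together in one paragraph (the attachment filename XSS, the 'sharing FAQ' mail abuse, and the user removal page spoofing); one paragraph per issue, in the same order as the three URLs, would make it easier to map each to its advisory.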