CVE-2023-2998 MEDIUM

CVE-2023-2998: Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq

Vendor Thorsten
Product thorsten/phpmyfaq
Weakness CWE-79 · XSS
Published May 31, 2023
Last update January 10, 2025
View on NVD All CVEs

CVSS base score

6.0/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H

What the vulnerability does

01Description

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.

Key dates

02Disclosure timeline

May 31, 2023 CVE published
January 10, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2022-20959 Cisco Identity Services Engine Cross-Site Scripting Vulnerability CVE-2026-4474 itsourcecode University Management System admin_single_student_update.php cross site scripting CVE-2024-52467 WordPress AI Responsive Gallery Album plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2023-2615 Cross-site Scripting (XSS) - Reflected in pimcore/pimcore CVE-2025-62094 WordPress Void Elementor WHMCS Elements For Elementor Page Builder plugin <= 2.0.1.2 - Cross Site Scripting (XSS) vulnerability