Main Vulnerability Database SB2025010207

SB2025010207 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in phpMyFAQ

Published: January 2, 2025 Updated: May 5, 2026

Security Bulletin ID SB2025010207

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (CVE-ID: CVE-2024-56199)

The vulnerability allows a remote user to inject malicious HTML or JavaScript code.

The vulnerability exists due to improper neutralization of script-related HTML tags in a web page in index.php?action=editentry when rendering user-supplied FAQ content. A remote privileged user can submit a specially crafted FAQ entry to inject malicious HTML or JavaScript code.

User interaction is required when another user views the crafted FAQ entry.

Remediation

Install update from vendor's website.

References

https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-ww33-jppq-qfrp