CVE-2024-56199: phpMyFAQ Vulnerable to Stored HTML Injection at FAQ

January 2, 2025

Due to insufficient validation on the content of new FAQ posts, it is possible for authenticated users to inject malicious HTML or JavaScript code that can impact other users viewing the FAQ. This vulnerability arises when user-provided inputs in FAQ entries are not sanitized or escaped before being rendered on the page.

References

github.com/advisories/GHSA-ww33-jppq-qfrp
github.com/thorsten/phpMyFAQ
github.com/thorsten/phpMyFAQ/security/advisories/GHSA-ww33-jppq-qfrp
nvd.nist.gov/vuln/detail/CVE-2024-56199

Code Behaviors & Features

Detect and mitigate CVE-2024-56199 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →