FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description

f5a48a7a-61d3-11ed-9094-589cfc0f81b0    phpmyfaq -- multiple vulnerabilities

phpmyfaq developers report:

a pre-auth SQL injection when saving user comments

a reflected cross-site scripting vulnerability in the search

a stored cross-site scripting vulnerability in the meta data administration

a weak password requirement


Discovery 2022-10-24
Entry 2022-11-11
phpmyfaq < 3.1.8

https://huntr.dev/bounties/613143a1-8e51-449a-b214-12458308835d/
https://huntr.dev/bounties/d9666520-4ff5-43bb-aacf-50c8e5570983/
https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47/

005dfb48-990d-11ed-b9d3-589cfc0f81b0    phpmyfaq -- multiple vulnerabilities

phpmyfaq developers report:

phpMyFAQ does not implement sufficient checks to avoid a stored XSS in "Add new question"

phpMyFAQ does not implement sufficient checks to avoid a stored XSS in admin user page

phpMyFAQ does not implement sufficient checks to avoid a stored XSS in FAQ comments

phpMyFAQ does not implement sufficient checks to avoid a blind stored XSS in admin open question page

phpMyFAQ does not implement sufficient checks to avoid a reflected XSS in the admin backend login

phpMyFAQ does not implement sufficient checks to avoid stored XSS on user, category, FAQ, news and configuration admin backend

phpMyFAQ does not implement sufficient checks to avoid weak passwords


Discovery 2023-01-15
Entry 2023-01-20
phpmyfaq < 3.1.10

https://huntr.dev/bounties/cbba22f0-89ed-4d01-81ea-744979c8cbde/
https://huntr.dev/bounties/fac01e9f-e3e5-4985-94ad-59a76485f215/
https://huntr.dev/bounties/83cfed62-af8b-4aaa-94f2-5a33dc0c2d69/
https://huntr.dev/bounties/051d5e20-7fab-4769-bd7d-d986b804bb5a/
https://huntr.dev/bounties/c03c5925-43ff-450d-9827-2b65a3307ed6/
https://huntr.dev/bounties/f50ec8d1-cd60-4c2d-9ab8-3711870d83b9/
https://huntr.dev/bounties/82b0b629-c56b-4651-af3f-17f749751857/
https://huntr.dev/bounties/eac0a9d7-9721-4191-bef3-d43b0df59c67/
https://huntr.dev/bounties/bc27e84b-1f91-4e1b-a78c-944edeba8256/

c253c4aa-5126-11ed-8a21-589cfc0f81b0    phpmyfaq -- CSRF vulnerability

phpmyfaq developers report:

phpMyFAQ does not implement sufficient checks to avoid CSRF when logging out a user.


Discovery 2022-10-02
Entry 2022-10-21
phpmyfaq < 3.1.7

https://huntr.dev/bounties/76095ac1-da12-449b-9564-4a086be96592/

439f3f81-7a49-11ed-97ac-589cfc0f81b0    phpmyfaq -- multiple vulnerabilities

phpmyfaq developers report:

an authenticated SQL injection when adding categories in the admin backend

a stored cross-site scripting vulnerability in the category name

a stored cross-site scripting vulnerability in the admin logging

a stored cross-site scripting vulnerability in the FAQ title

a PostgreSQL based SQL injection for the lang parameter

a SQL injection when storing an instance name in the admin backend

a SQL injection when adding attachments in the admin backend

a stored cross-site scripting vulnerability when adding users by admins

a missing "secure" flag for cookies when using TLS

a cross-site request forgery / cross-site scripting vulnerability when saving new questions

a reflected cross-site scripting vulnerability in the admin backend


Discovery 2022-12-11
Entry 2022-12-12
phpmyfaq < 3.1.9

https://huntr.dev/bounties/a1649f43-78c9-4927-b313-36911872a84b/
https://huntr.dev/bounties/2ec4ddd4-de22-4f2d-ba92-3382b452bfea/
https://huntr.dev/bounties/5915ed4c-5fe2-42e7-8fac-5dd0d032727c/
https://huntr.dev/bounties/5944f154-c0ab-4547-9d9d-3101e86eb975/
https://huntr.dev/bounties/315aa78d-7bd2-4b14-86f2-b5c211e62034/
https://huntr.dev/bounties/eb3a8ea3-daea-4555-a3e6-80b82f533792/
https://huntr.dev/bounties/faac0c92-8d4b-4901-a933-662b661a3f99/
https://huntr.dev/bounties/56499a60-2358-41fe-9b38-8cb23cdfc17c/
https://huntr.dev/bounties/f531bbf2-32c8-4efe-8156-ae9bc6b5d3aa/
https://huntr.dev/bounties/322c12b1-08d5-4ee3-9d94-d4bb40366c7a/
https://huntr.dev/bounties/f2857bc7-8fbc-489a-9a38-30b93300eec5/