CVE-2024-56199

CVSS 3.1 Score 5.2 of 10 (medium)

Details

Published Jan 2, 2025
CWE ID 79
CWE ID 80

Summary

CVE-2024-56199 is a vulnerability affecting phpMyFAQ, an open-source FAQ web application. In versions starting from 3.2.10 and before 4.0.2, the issue allows attackers to inject malicious HTML content into the FAQ editor at `http[:]//localhost/admin/index[.]php?action=editentry`. By introducing malformed HTML elements that overlap buttons, images, and iframes, an attacker can disrupt the FAQ page's user interface, leading to a Denial of Service for legitimate users. This manipulation can also damage the user experience and potentially be abused for phishing or defacement attacks. Version 4.0.2 includes a patch to address this vulnerability.
