CVE-2024-56199
CVSS 3.1 Score 5.2 of 10 (medium)
Details
Summary
CVE-2024-56199 is a vulnerability in phpMyFAQ, an open-source FAQ web application. In versions from 3.2.10 up to, but not including, 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at `http[:]//localhost/admin/index[.]php?action=editentry`. By introducing malformed HTML elements that overlap buttons, images, and iframes, the attacker can disrupt the FAQ page's user interface, causing a Denial of Service for legitimate users. The same manipulation degrades the user experience and could be abused for phishing or defacement. Version 4.0.2 includes a patch that addresses this vulnerability.
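For instances that ran an affected version, stored FAQ entries can be reviewed for the kind of markup described above. The following Python audit is an added example, not phpMyFAQ code and not the logic of the 4.0.2 patch; the function name `audit_faq_html`, the tag lists, the style heuristic and the sample entry are all assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Assumption: illustrative heuristics only, not the checks phpMyFAQ 4.0.2 applies.
EMBED_TAGS = {"iframe", "button", "form", "object", "embed"}
VOID_TAGS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
             "link", "meta", "source", "track", "wbr"}
OVERLAY_STYLE = re.compile(r"position\s*:\s*(fixed|absolute)|z-index\s*:\s*\d{3,}", re.I)
# Constructed sample entry body (not taken from a real incident).
SAMPLE = ('<p>How do I reset my password?</p>\n'
          '<div style="position: fixed; top: 0; left: 0; z-index: 9999">\n'
          '<iframe src="https://example.invalid/"></iframe>\n<button>Continue')


class FaqMarkupAuditor(HTMLParser):
    """Collects findings for markup that can cover or break the FAQ page UI."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []   # (line, tag, reason)
        self.open_tags = []  # stack of (tag, line) used to spot unclosed elements

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        style = dict(attrs).get("style") or ""
        if tag in EMBED_TAGS:
            self.findings.append((line, tag, "embedded or interactive element"))
        if OVERLAY_STYLE.search(style):
            self.findings.append((line, tag, "overlay positioning in inline style"))
        if tag not in VOID_TAGS:
            self.open_tags.append((tag, line))

    def handle_endtag(self, tag):
        # Pop back to the nearest matching opener; anything skipped was left unclosed.
        for i in range(len(self.open_tags) - 1, -1, -1):
            if self.open_tags[i][0] == tag:
                for skipped, line in self.open_tags[i + 1:]:
                    self.findings.append((line, skipped, "element never closed"))
                del self.open_tags[i:]
                return


def audit_faq_html(html):
    """Return sorted (line, tag, reason) findings for one FAQ entry body."""
    auditor = FaqMarkupAuditor()
    auditor.feed(html)
    auditor.close()
    for tag, line in auditor.open_tags:
        auditor.findings.append((line, tag, "element never closed"))
    return sorted(auditor.findings)
```

A finding is a prompt for manual review of that entry, not proof of tampering; HTML with legitimately omitted end tags will also be reported as unclosed.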
Affected Products
- phpMyFAQ