Matt Zajork/ Journal/ CVE-2023-5867 - Stored XSS in Attachment File Name in thorsten/phpmyfaq/ CVE-2023-5867 - Stored XSS in Attachment File Name in thorsten/phpmyfaq 30 October 2023·1 min Table of Contents Description References Description #A stored cross-site scripting vulnerability exists in PHPMyFAQ version phpMyFAQ 4.0.0-dev within attachment file names. References # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5867 https://huntr.com/bounties/5c09b32e-a041-4a1e-a277-eb3e80967df0/ https://nvd.nist.gov/vuln/detail/CVE-2023-5867 https://www.phpmyfaq.de/security/advisory-2023-10-27