Matt Zajork/Journal/CVE-2023-5867 - Stored XSS in Attachment File Name in thorsten/phpmyfaq/CVE-2023-5867 - Stored XSS in Attachment File Name in thorsten/phpmyfaq30 October 2023·1 minTable of ContentsDescriptionReferencesDescription #A stored cross-site scripting vulnerability exists in PHPMyFAQ version phpMyFAQ 4.0.0-dev within attachment file names.References #https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5867https://huntr.com/bounties/5c09b32e-a041-4a1e-a277-eb3e80967df0/https://nvd.nist.gov/vuln/detail/CVE-2023-5867https://www.phpmyfaq.de/security/advisory-2023-10-27