{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T07:31:23.841","vulnerabilities":[{"cve":{"id":"CVE-2024-24574","sourceIdentifier":"security-advisories@github.com","published":"2024-02-05T21:15:12.340","lastModified":"2024-11-21T08:59:27.143","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\\phpmyfaq\\admin\\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5."},{"lang":"es","value":"phpMyFAQ es una aplicación web de preguntas frecuentes de código abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. El eco inseguro del nombre de archivo en phpMyFAQ\\phpmyfaq\\admin\\attachments.php conduce a la ejecución permitida de código JavaScript en el lado del cliente (XSS). Esta vulnerabilidad ha sido parcheada en la versión 3.2.5."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-80"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*","versionEndExcluding":"3.2.5","matchCriteriaId":"0203E85A-673E-4D3F-BAAF-AE6CABA807FD"}]}]}],"references":[{"url":"https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/thorsten/phpMyFAQ/pull/2827","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/thorsten/phpMyFAQ/pull/2827","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]}]}}]}