CVE-2024-55889

MEDIUM Year: 2024
CVSS v3 Score
4.9
Medium
Weakness Type
CWE-451
View all →

Vulnerability Description

phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an <iframe> element without user interaction or explicit consent. Version 3.2.10 fixes the issue.

Related Vulnerabilities

CVE-2016-9473

MEDIUM
CVSS:4.7(Medium)

Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate d...

CWE-4512016

CVE-2025-29796

MEDIUM
CVSS:4.7(Medium)

User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.

CWE-4512025

CVE-2016-9460

MEDIUM
CVSS:5.3(Medium)

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. A...

CWE-4512016

CVE-2016-9467

MEDIUM
CVSS:5.3(Medium)

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed paramet...

CWE-4512016

CVE-2016-9468

MEDIUM
CVSS:5.3(Medium)

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially...

CWE-4512016