
thorsten — Vulnerabilities & Security Advisories 96

Browse all 96 CVE security advisories affecting thorsten. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Thorsten operates as a specialized software solution, primarily serving enterprise environments with core functionalities centered around data management and workflow automation. Security audits have identified ninety-six Common Vulnerabilities and Exposures (CVEs) associated with the platform, indicating a significant historical attack surface. The most prevalent vulnerability classes include Remote Code Execution (RCE), Cross-Site Scripting (XSS), and Privilege Escalation flaws, which have frequently allowed unauthorized actors to gain administrative control or inject malicious scripts. These issues often stem from insufficient input validation and improper access control mechanisms within the application’s architecture. While no single catastrophic incident has been widely publicized as a defining event, the cumulative volume of disclosed CVEs suggests persistent challenges in patch management and secure coding practices. Organizations utilizing Thorsten must prioritize rigorous vulnerability scanning and timely updates to mitigate the risk of exploitation inherent in its known defect profile.

Top products by thorsten: thorsten/phpmyfaq phpMyFAQ
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-34974 | phpMyFAQ: SVG Sanitizer Bypass via HTML Entity Encoding leads to Stored XSS and Privilege Escalation | phpMyFAQ | CWE-79 | 5.4 | Medium | 2026-04-02 |
| CVE-2026-34973 | phpMyFAQ has a LIKE Wildcard Injection in Search.php — Unescaped % and _ Metacharacters Enable Broad Content Disclosure | phpMyFAQ | CWE-943 | 8.2 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-34729 | phpMyFAQ: Stored XSS via Regex Bypass in Filter::removeAttributes() | phpMyFAQ | CWE-79 | 6.1 | Medium | 2026-04-02 |
| CVE-2026-34728 | phpMyFAQ: Path Traversal - Arbitrary File Deletion in MediaBrowserController | phpMyFAQ | CWE-22 | 8.7 | High | 2026-04-02 |
| CVE-2026-32629 | phpMyFAQ: Stored XSS via Unsanitized Email Field in Admin FAQ Editor | phpMyFAQ | CWE-20 | 6.1 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-27836 | phpMyFAQ Allows Unauthenticated Account Creation via WebAuthn Prepare Endpoint | phpMyFAQ | CWE-862 | 7.5 | High | 2026-02-27 |
| CVE-2026-24422 | phpMyFAQ: Public API endpoints expose emails and invisible questions | phpMyFAQ | CWE-200 | 5.3 | Medium | 2026-01-24 |
| CVE-2026-24420 | phpMyFAQ: Attachment download allowed without dlattachment right (broken access control) | phpMyFAQ | CWE-284 | 6.5 | Medium | 2026-01-24 |
| CVE-2026-24421 | phpMyFAQ missing authorization exposes /api/setup/backup to any authenticated user | phpMyFAQ | CWE-862 | 6.5 | Medium | 2026-01-24 |
| CVE-2025-69200 | phpMyFAQ has unauthenticated config backup download via /api/setup/backup | phpMyFAQ | CWE-202 | 7.5 | High | 2025-12-29 |
| CVE-2025-68951 | phpMyFAQ has stored XSS in admin "List of users" via display_name HTML entity decoding (html_entity_decode) + Twig \|raw | phpMyFAQ | CWE-79 | 5.4 | Medium | 2025-12-29 |
| CVE-2025-62519 | phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality | phpMyFAQ | CWE-89 | 7.2 | High | 2025-11-17 |
| CVE-2025-59943 | phpMyFAQ duplicate email registration allows multiple accounts with the same email | phpMyFAQ | CWE-286 | 8.1 | High | 2025-10-03 |
| CVE-2024-56199 | phpMyFAQ Vulnerable to Stored HTML Injection at FAQ | phpMyFAQ | CWE-79 | 5.2 | Medium | 2025-01-02 |
| CVE-2024-55889 | phpMyFAQ Vulnerable to Unintended File Download Triggered by Embedded Frames | phpMyFAQ | CWE-451 | 4.9 | Medium | 2024-12-13 |
| CVE-2024-54141 | phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available | phpMyFAQ | CWE-209 | 8.6 | High | 2024-12-06 |
| CVE-2024-29196 | phpMyFAQ Path Traversal in Attachments | phpMyFAQ | CWE-22 | 3.8 | Low | 2024-03-26 |
| CVE-2024-29179 | phpMyFAQ Stored Cross-site Scripting at File Attachments | phpMyFAQ | CWE-79 | 4.8 (AI) | Medium (AI) | 2024-03-25 |
| CVE-2024-28108 | phpMyFAQ Stored HTML Injection at contentLink | phpMyFAQ | CWE-79 | 4.7 | Medium | 2024-03-25 |
| CVE-2024-28107 | phpMyFAQ SQL injections at insertentry & saveentry | phpMyFAQ | CWE-89 | 8.8 | High | 2024-03-25 |
| CVE-2024-28106 | phpMyFAQ Stored XSS at FAQ News Content | phpMyFAQ | CWE-79 | 4.3 | Medium | 2024-03-25 |
| CVE-2024-28105 | phpMyFAQ's File Upload Bypass at Category Image Leads to RCE | phpMyFAQ | CWE-434 | 7.2 | High | 2024-03-25 |
| CVE-2024-27300 | phpMyFAQ Stored XSS at user email | phpMyFAQ | CWE-79 | 5.5 | Medium | 2024-03-25 |
| CVE-2024-27299 | phpMyFAQ SQL Injection at "Save News" | phpMyFAQ | CWE-89 | 8.8 | High | 2024-03-25 |
| CVE-2024-24574 | phpMyFAQ vulnerable to stored XSS on attachments filename | phpMyFAQ | CWE-79 | 6.5 | Medium | 2024-02-05 |
| CVE-2024-22208 | phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes | phpMyFAQ | CWE-863 | 6.5 | Medium | 2024-02-05 |
| CVE-2024-22202 | User Removal Page Allows Spoofing Of User Details | phpMyFAQ | CWE-284 | 5.7 | Medium | 2024-02-05 |
| CVE-2023-6889 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq | thorsten/phpmyfaq | CWE-79 | 5.4 | - | 2023-12-16 |
| CVE-2023-6890 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq | thorsten/phpmyfaq | CWE-79 | 5.4 | - | 2023-12-16 |
| CVE-2023-5866 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in thorsten/phpmyfaq | thorsten/phpmyfaq | CWE-614 | 5.3 | - | 2023-10-31 |

This page lists every published CVE security advisory associated with thorsten. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.