Description
Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PMF_CONF[version] parameter to footer.php or (2) PMF_LANG[metaLanguage] to header.php.
Remediation
References
Related Vulnerabilities
MySQL CVE-2022-21485 Vulnerability (CVE-2022-21485)
MySQL CVE-2023-21878 Vulnerability (CVE-2023-21878)
WordPress Plugin jRSS Widget 'url' Parameter Directory Traversal (1.1.1)
WordPress Plugin Falang multilanguage for WordPress Cross-Site Scripting (1.3.17)
WordPress Plugin Random image gallery with pretty photo zoom Cross-Site Scripting (7.4)