Description

Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module.

Remediation

References

CVE-2017-14619

Related Vulnerabilities

WordPress Plugin FCChat Widget 'Upload.php' Arbitrary File Upload (2.2.13.1)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-3810)

WordPress Plugin iframe Cross-Site Scripting (4.4)

WordPress Plugin Image Optimizer, Resizer and CDN-Sirv Arbitrary File Upload (7.2.6)

WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions Directory Traversal (1.7.14.2)

Severity

Medium

Classification

CVE-2017-14619 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities