Description

Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module.

Remediation

References

CVE-2017-14619

Related Vulnerabilities

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8905)

WordPress Plugin PublishPress Future: Automatically Unpublish WordPress Posts Security Bypass (2.5.1)

Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-35030)

OpenSSL Other Vulnerability (CVE-2015-0288)

WordPress Plugin IMPress for IDX Broker Unspecified Vulnerability (2.5.11)

Severity

Medium

Classification

CVE-2017-14619 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities