Description

Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module.

Remediation

References

CVE-2017-14619

Related Vulnerabilities

WordPress Plugin Advanced AJAX Product Filters Security Bypass (1.3.6.1)

MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-40603)

WordPress Plugin Contact Bank-Contact Form Builder for WordPress Cross-Site Scripting (3.0.30)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16147)

Moodle Other Vulnerability (CVE-2004-2235)

Severity

Medium

Classification

CVE-2017-14619 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities