Description In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords. Remediation References CVE-2017-15728 Related Vulnerabilities Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2022-42129) PHP Other Vulnerability (CVE-2007-1522) Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4940) WordPress Plugin easyping-website subscriptions done right PHP Object Injection (0.0.1) WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress SQL Injection (3.6.3) Severity Medium Classification CVE-2017-15728 CWE-707 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities