Description In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords. Remediation References CVE-2017-15728 Related Vulnerabilities WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Multiple Vulnerabilities (3.4.33) Oracle Database Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2003-0095) MyBB Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2022-39265) WordPress Plugin Divi Builder Cross-Site Scripting (2.17.2) WordPress Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-8943) Severity Medium Classification CVE-2017-15728 CWE-707 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities