Description In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords. Remediation References CVE-2017-15728 Related Vulnerabilities Ruby Improper Authentication Vulnerability (CVE-2008-3905) MySQL CVE-2021-35623 Vulnerability (CVE-2021-35623) Vanilla Forums Deserialization of Untrusted Data Vulnerability (CVE-2018-19499) Pega Infinity Improper Authentication Vulnerability (CVE-2021-27651) PHP-Fusion Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-5335) Severity Medium Classification CVE-2017-15728 CWE-707 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities