Description In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords. Remediation References CVE-2017-15728 Related Vulnerabilities MySQL CVE-2019-2537 Vulnerability (CVE-2019-2537) WordPress Plugin WordPress Download Manager Unspecified Vulnerability (2.9.96) WordPress Plugin RegistrationMagic-Custom Registration Forms, User Registration, Payment, and User Login Multiple Vulnerabilities (4.6.0.3) PostgreSQL Other Vulnerability (CVE-2002-1400) WordPress Plugin Controlled Admin Access Security Bypass (1.5.5) Severity Medium Classification CVE-2017-15728 CWE-707 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N Tags Missing Update Known Vulnerabilities