Description In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords. Remediation References CVE-2017-15728 Related Vulnerabilities WordPress Plugin Classified Listing Store & Membership Cross-Site Scripting (1.4.19) WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Multiple Cross-Site Scripting Vulnerabilities (2.0.27) Coppermine Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7186) WordPress Plugin Contact Form by WD-responsive drag & drop contact form builder tool Multiple Vulnerabilities (1.12.20) MySQL CVE-2017-3640 Vulnerability (CVE-2017-3640) Severity Medium Classification CVE-2017-15728 CWE-707 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N Tags Missing Update Known Vulnerabilities