
CVE-2017-15733
https://notcve.org/view.php?id=CVE-2017-15733
21 Oct 2017 — In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php. • https://github.com/thorsten/phpMyFAQ/commit/ef5a66df4bcfacc7573322af33ce10c30e0bb896 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2017-15734
https://notcve.org/view.php?id=CVE-2017-15734
21 Oct 2017 — In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php. • https://github.com/thorsten/phpMyFAQ/commit/fa26c52384b010edaf60c525ae5b040f05da9f77 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2017-15735
https://notcve.org/view.php?id=CVE-2017-15735
21 Oct 2017 — In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary. • https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2017-14618 – PHPMyFAQ 2.9.8 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-14618
20 Sep 2017 — Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action. phpMyFAQ version 2.9.8 suffers from a persistent cross site scripting vulner... • https://packetstorm.news/files/id/144280 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-14619 – phpMyFAQ 2.9.8 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-14619
20 Sep 2017 — Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module. phpMyFAQ version 2.9.8 suffers from a persistent cross site scripting vulnerability where an attacker c... • https://packetstorm.news/files/id/144603 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-11187
https://notcve.org/view.php?id=CVE-2017-11187
12 Jul 2017 — phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly. • http://www.phpmyfaq.de/security/advisory-2017-07-12 • CWE-307: Improper Restriction of Excessive Authentication Attempts

CVE-2017-7579
https://notcve.org/view.php?id=CVE-2017-7579
07 Apr 2017 — inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field. • http://www.phpmyfaq.de/security/advisory-2017-04-02 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-0813
https://notcve.org/view.php?id=CVE-2014-0813
14 Feb 2014 — Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings. • http://jvn.jp/en/jp/JVN50943964/index.html • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2014-0814
https://notcve.org/view.php?id=CVE-2014-0814
14 Feb 2014 — Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://jvn.jp/en/jp/JVN30050348/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2010-4821 – PHPMyFAQ 2.6.x - 'index.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-4821
22 Oct 2012 — Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. • https://www.exploit-db.com/exploits/34785 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')