CVSS: 6.1EPSS: 0%CPEs: 119EXPL: 3CVE-2009-4780 – phpMyFAQ < 2.5.4 - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-4780
21 Apr 2010 — Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter in a sitemap action, (2) the search parameter in a search action, (3) the tagging_id parameter in a search action, (4) the highlight parameter in an artikel action, (5) the artlang parameter in an artikel action, (6) the letter parameter in a sitemap action, (7) the lang parameter in a show action, (8) the cat parameter in a show a... • https://www.exploit-db.com/exploits/33385 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 117EXPL: 0CVE-2009-4040
https://notcve.org/view.php?id=CVE-2009-4040
20 Nov 2009 — Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the search page. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzado (XSS) en phpMyFAQ antes de v2.0.17 y v2.5.x antes de v2.5.2, cuando se utiliza con Internet Explorer v6 o v7, permite a atacantes remotos inyectar HTML o scripts web a través de parámetros no es... • http://secunia.com/advisories/37354 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •