CVE-2017-15730 – phpMyFAQ 2.9.8 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2017-15730
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php. En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Request Forgery (CSRF) en admin/stat.ratings.php. • https://www.exploit-db.com/exploits/43064 https://github.com/thorsten/phpMyFAQ/commit/cce47f94375bb0102ab4f210672231dbb854dd0d • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2017-15733
https://notcve.org/view.php?id=CVE-2017-15733
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php. En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Request Forgery (CSRF) en admin/ajax.attachment.php y admin/att.main.php. • https://github.com/thorsten/phpMyFAQ/commit/ef5a66df4bcfacc7573322af33ce10c30e0bb896 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2017-15735
https://notcve.org/view.php?id=CVE-2017-15735
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary. En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Request Forgery (CSRF) al modificar un glosario. • https://github.com/thorsten/phpMyFAQ/commit/867618110feb836e168435548d6c2cbb7c65eda3 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2017-15728
https://notcve.org/view.php?id=CVE-2017-15728
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords. En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Scripting (XSS) persistente mediante metaDescription o metaKeywords. • https://github.com/thorsten/phpMyFAQ/commit/2d2a85b59e058869d7cbcfe2d73fed4a282f2e5b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-15727 – PHPMyFAQ 2.9.8 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-15727
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment. En phpMyFAQ en versiones anteriores a la 2.9.9 hay Cross-Site Scripting (XSS) persistente mediante un adjunto HTML. • https://www.exploit-db.com/exploits/43063 https://github.com/thorsten/phpMyFAQ/commit/5c3e4f96ff0ef6b91a3f0aa64eb28197c5cf5435 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •