CVE-2017-15730 – phpMyFAQ 2.9.8 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2017-15730
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php. • https://www.exploit-db.com/exploits/43064 https://github.com/thorsten/phpMyFAQ/commit/cce47f94375bb0102ab4f210672231dbb854dd0d • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2017-14618 – phpMyFAQ 2.9.8 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-14618
Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action. phpMyFAQ version 2.9.8 suffers from a persistent cross-site scripting vulnerability. • https://www.exploit-db.com/exploits/42761 http://www.phpmyfaq.de/security/advisory-2017-10-19 https://packetstormsecurity.com/files/144280/phpMyFAQ-2.9.8-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-14619 – phpMyFAQ 2.9.8 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-14619
Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module. phpMyFAQ version 2.9.8 suffers from a persistent cross-site scripting vulnerability where an attacker can embed malicious script code in the title of the FAQ. • https://www.exploit-db.com/exploits/42987 http://www.phpmyfaq.de/security/advisory-2017-10-19 https://github.com/thorsten/phpMyFAQ/commit/30b0025e19bd95ba28f4eff4d259671e7bb6bb86 https://packetstormsecurity.com/files/144603/phpMyFAQ-2.9.8-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-11187
https://notcve.org/view.php?id=CVE-2017-11187
phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly. • http://www.phpmyfaq.de/security/advisory-2017-07-12 • CWE-307: Improper Restriction of Excessive Authentication Attempts
CVE-2017-7579
https://notcve.org/view.php?id=CVE-2017-7579
inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field. • http://www.phpmyfaq.de/security/advisory-2017-04-02 https://github.com/thorsten/phpMyFAQ/commit/a69f32175c28af1b34e5df83000f830e60f6bce9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')