Page 20 of 98 results (0.006 seconds)

CVSS: 4.3EPSS: 0%CPEs: 145EXPL: 0

Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en phpMyFAQ anterior a 2.8.6 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores no especificados. • http://jvn.jp/en/jp/JVN30050348/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000015 http://osvdb.org/102940 http://secunia.com/advisories/56006 http://www.phpmyfaq.de/advisory_2014-02-04.php http://www.securityfocus.com/bid/65368 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 145EXPL: 0

Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings. Vulnerabilidad de CSRF en phpMyFAQ anterior a 2.8.6 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios para solicitudes que modifiquen configuraciones. • http://jvn.jp/en/jp/JVN50943964/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000016 http://osvdb.org/102939 http://secunia.com/advisories/56006 http://www.phpmyfaq.de/advisory_2014-02-04.php http://www.securityfocus.com/bid/65368 https://exchange.xforce.ibmcloud.com/vulnerabilities/90963 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 3%CPEs: 119EXPL: 3

Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en phpMyFAQ antes de v2.6.9 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del PATH_INFO a index.php. phpMyFAQ version 2.6.8 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/34785 http://dl.packetstormsecurity.net/1009-exploits/phpmyfaq268-xss.txt http://seclists.org/bugtraq/2010/Sep/207 http://secunia.com/advisories/41625 http://www.openwall.com/lists/oss-security/2012/03/08/2 http://www.openwall.com/lists/oss-security/2012/03/08/7 http://www.osvdb.org/68268 http://www.phpmyfaq.de/advisory_2010-09-28.php https://exchange.xforce.ibmcloud.com/vulnerabilities/62092 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •