CVE-2014-0814
https://notcve.org/view.php?id=CVE-2014-0814
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en phpMyFAQ anterior a 2.8.6 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores no especificados. • http://jvn.jp/en/jp/JVN30050348/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000015 http://osvdb.org/102940 http://secunia.com/advisories/56006 http://www.phpmyfaq.de/advisory_2014-02-04.php http://www.securityfocus.com/bid/65368 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-0813
https://notcve.org/view.php?id=CVE-2014-0813
Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings. Vulnerabilidad de CSRF en phpMyFAQ anterior a 2.8.6 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios para solicitudes que modifiquen configuraciones. • http://jvn.jp/en/jp/JVN50943964/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000016 http://osvdb.org/102939 http://secunia.com/advisories/56006 http://www.phpmyfaq.de/advisory_2014-02-04.php http://www.securityfocus.com/bid/65368 https://exchange.xforce.ibmcloud.com/vulnerabilities/90963 • CWE-352: Cross-Site Request Forgery (CSRF) •