CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3765 – Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
https://notcve.org/view.php?id=CVE-2022-3765
31 Oct 2022 — Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8. Cross-Site Scripting (XSS)- Almacenado en el repositorio de GitHub thorsten/phpmyfaq antes de 3.1.8. • https://github.com/thorsten/phpmyfaq/commit/372428d02a08e90b3a253ba5c506cda84581a5af • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.3EPSS: 28%CPEs: 1EXPL: 1CVE-2022-3766 – Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq
https://notcve.org/view.php?id=CVE-2022-3766
31 Oct 2022 — Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8. Cross-Site Scripting (XSS):- Reflejadas en el repositorio de GitHub thorsten/phpmyfaq antes de 3.1.8. • https://github.com/thorsten/phpmyfaq/commit/c7904f2236c6c0dd64c2226b90c30af0f7e5a72d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 1CVE-2022-3754 – Weak Password Requirements in thorsten/phpmyfaq
https://notcve.org/view.php?id=CVE-2022-3754
29 Oct 2022 — Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8. Requisitos de Contraseñas Débiles en el repositorio de GitHub thorsten/phpmyfaq antes de 3.1.8. • https://github.com/thorsten/phpmyfaq/commit/d7a87d2646287828c70401ca8976ef531fbc77ea • CWE-521: Weak Password Requirements •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3608 – Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
https://notcve.org/view.php?id=CVE-2022-3608
19 Oct 2022 — Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-alpha. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio de GitHub thorsten/phpmyfaq versiones anteriores a 3.2.0-alpha • https://github.com/thorsten/phpmyfaq/commit/37123edd50f854bd141e6fbe65221af2d5cf2677 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16650
https://notcve.org/view.php?id=CVE-2018-16650
07 Sep 2018 — phpMyFAQ before 2.9.11 allows CSRF. phpMyFAQ en versiones anteriores a la 2.9.11 permite Cross-Site Request Forgery (CSRF). • https://www.phpmyfaq.de/security/advisory-2018-09-02 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16651
https://notcve.org/view.php?id=CVE-2018-16651
07 Sep 2018 — The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports. El backend de administrador en phpMyFAQ en versiones anteriores a la 2.9.11 permite la inyección CSV en los informes. • https://www.phpmyfaq.de/security/advisory-2018-09-02 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2014-6046 – phpMyFAQ 2.8.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-6046
28 Aug 2018 — Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token. Múltiples vulnerabilidades de Cross-Site Request Forger... • https://www.exploit-db.com/exploits/34580 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 4%CPEs: 1EXPL: 1CVE-2014-6047 – phpMyFAQ 2.8.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-6047
28 Aug 2018 — phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks. phpMyFAQ en versiones anteriores a la 2.8.13 permite que usuarios autenticados remotos con determinados permisos lean archivos adjuntos arbitrarios aprovechando comprobaciones incorrectas del permiso "download an attachment". • https://www.exploit-db.com/exploits/34580 • CWE-275: Permission Issues •
CVSS: 5.3EPSS: 6%CPEs: 1EXPL: 1CVE-2014-6048 – phpMyFAQ 2.8.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-6048
28 Aug 2018 — phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request. phpMyFAQ en versiones anteriores a la 2.8.13 permite que atacantes remotos lean archivos adjuntos arbitrarios mediante una petición directa. • https://www.exploit-db.com/exploits/34580 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 1CVE-2014-6049 – phpMyFAQ 2.8.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-6049
28 Aug 2018 — phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter. phpMyFAQ en versiones anteriores a la 2.8.13 permite que usuarios autenticados remotos con privilegios de administrador omitan la autorización mediante un parámetro ID de instancia manipulado. • https://www.exploit-db.com/exploits/34580 • CWE-285: Improper Authorization •