CVSS: 6.1EPSS: 1%CPEs: 7EXPL: 2CVE-2013-2637 – OTRS 3.x - FAQ Module Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-2637
12 Feb 2020 — A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code. Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) en OTRS ITSM versiones anteriores a 3.2.4, 3.1.8 y 3.0.7 y FAQ versiones anteriores a 2.1.4 y 2.0.8, por medio de changes, workorder items, y FAQ articles, podrían permitir a un usuario malicioso remoto ej... • https://www.exploit-db.com/exploits/24922 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 2CVE-2006-4008 – Knusperleicht FAQ 1.0 Script - 'index.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-4008
07 Aug 2006 — PHP remote file inclusion vulnerability in index.php in Knusperleicht Faq 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the faq_path parameter. Vulnerabilidad de inclusión remota de archivo en PHP en index.php de Knusperleicht Faq 1.0 permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro faq_path. • https://www.exploit-db.com/exploits/28319 •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 6CVE-2005-3938 – SoftBiz FAQ 1.1 - 'add_comment.php?id' SQL Injection
https://notcve.org/view.php?id=CVE-2005-3938
01 Dec 2005 — SQL injection vulnerability in Softbiz FAQ Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the id parameter in (1) index.php, (2) faq_qanda.php, (3) refer_friend.php, (4) print_article.php, or (5) add_comment.php. • https://www.exploit-db.com/exploits/26677 •