FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyfaq -- multiple issues

Affected packages
phpmyfaq <= 2.9.8

Details

VuXML ID 33888815-631e-4bba-b776-a9b46fe177b5
Discovery 2017-09-20
Entry 2017-09-29

phpmyfaq developers report:

Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action.

Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module.

[source]

References

CVE Name CVE-2017-14618
CVE Name CVE-2017-14619
URL https://github.com/thorsten/phpMyFAQ/commit/30b0025e19bd95ba28f4eff4d259671e7bb6bb86
URL https://www.exploit-db.com/exploits/42761/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.