Description
Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module.
Exploits (1)
References (4)
Core 4
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/thorsten/phpMyFAQ/commit/30b0025e19bd95ba28f4eff4d259671e7bb6bb86
Various Sources x_refsource_confirm
http://www.phpmyfaq.de/security/advisory-2017-10-19
Exploit, Third Party Advisory x_refsource_misc
https://packetstormsecurity.com/files/144603/phpMyFAQ-2.9.8-Cross-Site-Scripting.html
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/42987/
Scores
CVSS v3
6.1
EPSS
0.0106
EPSS Percentile
77.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
phpmyfaq/phpmyfaq
< 2.9.8
Published
Sep 20, 2017
Tracked Since
Feb 18, 2026