CVE-2017-14619

MEDIUM

phpmyfaq <= 2.9.8 - Stored Cross-Site Scripting via FAQ Title Field

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-14619. PoCs published by Ishaq Mohammed.

AI-analyzed exploit summary This is a writeup describing a stored XSS vulnerability in phpMyFAQ 2.9.8, where an attacker can inject malicious JavaScript via the 'Title of your FAQ' field in the Configuration Module. The PoC involves entering a malicious payload and triggering it by navigating to the affected page.

Description

Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module.

Exploits (1)

exploitdb WRITEUP
by Ishaq Mohammed · textwebappsphp
https://www.exploit-db.com/exploits/42987

This is a writeup describing a stored XSS vulnerability in phpMyFAQ 2.9.8, where an attacker can inject malicious JavaScript via the 'Title of your FAQ' field in the Configuration Module. The PoC involves entering a malicious payload and triggering it by navigating to the affected page.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: phpMyFAQ 2.9.8
Auth required
Prerequisites: Administrator access to the phpMyFAQ admin panel
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Various Sources x_refsource_confirm
http://www.phpmyfaq.de/security/advisory-2017-10-19
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42987/

Scores

CVSS v3 6.1
EPSS 0.0217
EPSS Percentile 79.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
phpmyfaq/phpmyfaq < 2.9.8
Published Sep 20, 2017
Tracked Since Feb 18, 2026