Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Phpmyfaq
(Phpmyfaq)| Repositories | https://github.com/thorsten/phpMyFAQ |
| #Vulnerabilities | 124 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-10-22 | CVE-2017-15733 | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php. | Phpmyfaq | 8.8 | ||
| 2017-10-22 | CVE-2017-15732 | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php. | Phpmyfaq | 8.8 | ||
| 2017-10-22 | CVE-2017-15731 | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php. | Phpmyfaq | 8.8 | ||
| 2017-10-22 | CVE-2017-15730 | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php. | Phpmyfaq | 8.8 | ||
| 2017-10-22 | CVE-2017-15729 | In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary. | Phpmyfaq | 8.8 | ||
| 2017-10-22 | CVE-2017-15728 | In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords. | Phpmyfaq | 4.8 | ||
| 2017-10-22 | CVE-2017-15727 | In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment. | Phpmyfaq | 5.4 | ||
| 2017-09-20 | CVE-2017-14619 | Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module. | Phpmyfaq | 6.1 | ||
| 2017-09-20 | CVE-2017-14618 | Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action. | Phpmyfaq | 4.8 | ||
| 2018-08-28 | CVE-2014-6050 | phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request. | Phpmyfaq | 5.3 |