Cross-site Scripting Vulnerability in phpMyFAQ Software by phpMyFAQ
CVE-2017-14619

6.1MEDIUM

Key Information:

Vendor

pHPMyFAQ

Status
pHPMyFAQ
Vendor
CVE Published:
20 September 2017

What is CVE-2017-14619?

The phpMyFAQ software up to version 2.9.8 is vulnerable to a cross-site scripting (XSS) vulnerability. This flaw allows attackers to inject arbitrary web scripts or HTML content through the 'Title of your FAQ' field in the Configuration Module. This can lead to various security breaches, including unauthorized access and data manipulation. It's essential for users to apply necessary patches to safeguard against potential attacks.

References

https://www.exploit-db.com/exploits/42987/
exploitx_refsource_EXPLOIT-DB
https://github.com/thorsten/phpMyFAQ/commit/30b0025e19bd9...
x_refsource_MISC
http://www.phpmyfaq.de/security/advisory-2017-10-19
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.