Stored Cross-site Scripting Vulnerability in phpMyFAQ by phpMyFAQ Team
CVE-2017-15727

5.4MEDIUM

Key Information:

Vendor: pHPMyFAQ
Status: pHPMyFAQ
Vendor: CVE Published:; 22 October 2017

What is CVE-2017-15727?

In phpMyFAQ prior to version 2.9.9, a stored cross-site scripting (XSS) vulnerability exists due to improper handling of HTML attachments. An attacker can exploit this vulnerability to inject malicious scripts into web pages viewed by users, leading to potential unauthorized actions and data theft. It is crucial to upgrade to the latest version to mitigate this security risk.

References

https://www.exploit-db.com/exploits/43063/

exploitx_refsource_EXPLOIT-DB

https://github.com/thorsten/phpMyFAQ/commit/5c3e4f96ff0ef...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 22, 2017
Vulnerability Reserved
Oct 21, 2017

JSON

pHPMyFAQ

What is CVE-2017-15727?

References

CVSS V3.1

Timeline