Описание
Multiple cross-site scripting (XSS) vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to inject arbitrary web script or HTML via (1) the cat_name parameter to faq.php; and unspecified parameters to the (2) add categories, (3) edit categories, (4) delete categories, (5) add faq, (6) edit faq, and (7) delete faq Admin scripts.
Ссылки
- Vendor Advisory
- Exploit
- Vendor Advisory
- Exploit
Уязвимые конфигурации
EPSS
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
Multiple cross-site scripting (XSS) vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to inject arbitrary web script or HTML via (1) the cat_name parameter to faq.php; and unspecified parameters to the (2) add categories, (3) edit categories, (4) delete categories, (5) add faq, (6) edit faq, and (7) delete faq Admin scripts.
EPSS
4.3 Medium
CVSS2