CVE-2017-14619

Опубликовано: 20 сент. 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module.

Ссылки

http://www.phpmyfaq.de/security/advisory-2017-10-19
https://github.com/thorsten/phpMyFAQ/commit/30b0025e19bd95ba28f4eff4d259671e7bb6bb86
Patch
Third Party Advisory
https://packetstormsecurity.com/files/144603/phpMyFAQ-2.9.8-Cross-Site-Scripting.html
https://www.exploit-db.com/exploits/42987/
http://www.phpmyfaq.de/security/advisory-2017-10-19
https://github.com/thorsten/phpMyFAQ/commit/30b0025e19bd95ba28f4eff4d259671e7bb6bb86
Patch
Third Party Advisory
https://packetstormsecurity.com/files/144603/phpMyFAQ-2.9.8-Cross-Site-Scripting.html
https://www.exploit-db.com/exploits/42987/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*

Версия до 2.9.8 (включая)

EPSS

Процентиль: 77%

0.01062

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-vpgh-mhrw-p8rc