Vulnerabilities > Phpmyfaq > Phpmyfaq > 2.7.8

DATE CVE VULNERABILITY TITLE RISK
2017-07-12 CVE-2017-11187 Improper Restriction of Excessive Authentication Attempts vulnerability in PHPmyfaq
phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly.
network
low complexity
phpmyfaq CWE-307
5.0
5.0
2017-04-07 CVE-2017-7579 Cross-site Scripting vulnerability in PHPmyfaq
inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field.
network
phpmyfaq CWE-79
4.3
4.3
2014-02-14 CVE-2014-0814 Cross-Site Scripting vulnerability in PHPmyfaq
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
phpmyfaq CWE-79
4.3
4.3
2014-02-14 CVE-2014-0813 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyfaq
Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings.
network
phpmyfaq CWE-352
6.8
6.8