Vulnerabilities > Phpmyfaq > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-28 | CVE-2014-6050 | 7PK - Security Features vulnerability in PHPmyfaq phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request. | 5.3 |
| 2018-08-28 | CVE-2014-6048 | Information Exposure vulnerability in PHPmyfaq phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attachments via a direct request. | 5.3 |
| 2018-08-28 | CVE-2014-6047 | Permission Issues vulnerability in PHPmyfaq phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to read arbitrary attachments by leveraging incorrect "download an attachment" permission checks. | 5.3 |
| 2017-10-23 | CVE-2017-15809 | Cross-site Scripting vulnerability in PHPmyfaq In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag. | 6.1 |
| 2017-10-22 | CVE-2017-15728 | Cross-site Scripting vulnerability in PHPmyfaq In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords. | 4.8 |
| 2017-10-22 | CVE-2017-15727 | Cross-site Scripting vulnerability in PHPmyfaq In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment. | 5.4 |
| 2017-09-20 | CVE-2017-14619 | Cross-site Scripting vulnerability in PHPmyfaq Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module. | 6.1 |
| 2017-09-20 | CVE-2017-14618 | Cross-site Scripting vulnerability in PHPmyfaq Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action. | 4.8 |
| 2017-04-07 | CVE-2017-7579 | Cross-site Scripting vulnerability in PHPmyfaq inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field. | 6.1 |