Vulnerabilities > Phpmyfaq > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-20 | CVE-2017-14619 | Cross-site Scripting vulnerability in PHPmyfaq Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module. | 4.3 |
| 2017-07-12 | CVE-2017-11187 | Improper Restriction of Excessive Authentication Attempts vulnerability in PHPmyfaq phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly. | 5.0 |
| 2017-04-07 | CVE-2017-7579 | Cross-site Scripting vulnerability in PHPmyfaq inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field. | 4.3 |
| 2014-02-14 | CVE-2014-0814 | Cross-Site Scripting vulnerability in PHPmyfaq Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2014-02-14 | CVE-2014-0813 | Cross-Site Request Forgery (CSRF) vulnerability in PHPmyfaq Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings. | 6.8 |
| 2012-10-22 | CVE-2010-4821 | Cross-Site Scripting vulnerability in PHPmyfaq Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. | 4.3 |
| 2011-09-24 | CVE-2011-3783 | Information Exposure vulnerability in PHPmyfaq 2.6.13 phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lang/language_uk.php and certain other files. | 5.0 |
| 2010-04-21 | CVE-2009-4780 | Cross-Site Scripting vulnerability in PHPmyfaq Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter in a sitemap action, (2) the search parameter in a search action, (3) the tagging_id parameter in a search action, (4) the highlight parameter in an artikel action, (5) the artlang parameter in an artikel action, (6) the letter parameter in a sitemap action, (7) the lang parameter in a show action, (8) the cat parameter in a show action, (9) the newslang parameter in a news action, (10) the artlang parameter in a send2friend action, (11) the cat parameter in a send2friend action, (12) the id parameter in a send2friend action, (13) the srclang parameter in a translate action, (14) the id parameter in a translate action, (15) the cat parameter in a translate action, (16) the cat parameter in an add action, or (17) the question parameter in an add action. | 4.3 |
| 2009-11-20 | CVE-2009-4040 | Cross-Site Scripting vulnerability in PHPmyfaq Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the search page. | 4.3 |
| 2007-02-21 | CVE-2007-1032 | Remote Security vulnerability in phpMyFAQ Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register_globals is enabled, allows remote attackers to "gain the privilege for uploading files on the server." Successful exploitation requires that "register_globals" is enabled. network phpmyfaq | 6.8 |