Show filters
126 Total Results
Displaying 101-110 of 126
Sort by:
Attacker Value
Unknown

CVE-2017-15733

Disclosure Date: October 22, 2017 (last updated November 26, 2024)
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php.
0
0
Attacker Value
Unknown

CVE-2017-15735

Disclosure Date: October 22, 2017 (last updated November 26, 2024)
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary.
0
0
Attacker Value
Unknown

CVE-2017-14618

Disclosure Date: September 20, 2017 (last updated November 26, 2024)
Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action.
0
0
Attacker Value
Unknown

CVE-2017-14619

Disclosure Date: September 20, 2017 (last updated November 26, 2024)
Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module.
0
0
Attacker Value
Unknown

CVE-2017-11187

Disclosure Date: July 12, 2017 (last updated November 26, 2024)
phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly.
0
0
Attacker Value
Unknown

CVE-2017-7579

Disclosure Date: April 07, 2017 (last updated November 26, 2024)
inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field.
0
0
Attacker Value
Unknown

CVE-2014-0813

Disclosure Date: February 14, 2014 (last updated October 05, 2023)
Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings.
0
0
Attacker Value
Unknown

CVE-2014-0814

Disclosure Date: February 14, 2014 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2010-4821

Disclosure Date: October 22, 2012 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
0
0
Attacker Value
Unknown

CVE-2011-4825

Disclosure Date: December 15, 2011 (last updated October 04, 2023)
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
0
0
View More Topics  < Previous  Next >