phpMyFaq admin/tags.main.php file cross-site scripting vulnerability

phpMyFAQ is phpMyFAQ team developed a set of open source fully database-driven FAQ question and answer system . The system supports multiple languages, multiple databases, etc., and includes modules such as content management system and community. A cross-site scripting vulnerability exists in th...

Cross-site request forgery vulnerability in phpMyFaq admin/ajax.config.php file

phpMyFAQ is phpMyFAQ team developed a set of open source fully database-driven FAQ question and answer system . The system supports multiple languages, multiple databases, etc., and includes modules such as content management system and community. A cross-site request forgery vulnerability exists...

Cross site request forgery (csrf)

In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php...

CVE-2017-15808

In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php...

Code injection

In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag...

CVE-2017-15809

In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag...

CVE-2017-15809

In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag...

CVE-2017-15808

In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php...

CVE-2017-15809

CVE-2017-15809 affects phpMyFAQ prior to 2.9.9, with a cross-site scripting (XSS) vulnerability in admin/tags.main.php triggered by a crafted tag. The issue allows injection of arbitrary script within the admin interface. Public references identify that the vulnerability exists in versions before...

CVE-2017-15809

In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag...

CVE-2017-15808

In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php...

CVE-2017-15808

CVE-2017-15808 concerns phpMyFAQ prior to 2.9.9, where a cross‑site request forgery (CSRF) vulnerability exists in the admin/ajax.config.php endpoint. The included connected documents consistently describe a CSRF flaw in this file, enabling an attacker to trigger unauthorized operations from an a...

Cross-site Request Forgery (CSRF)

phpmyfaq is vulnerable to cross-site request forgery CSRF attacks. The application does not have CSRF protection for the phpmyfaq/admin/glossary.main.php file, allowing a malicious user to pass a request to the application to overwrite the current glossary...

Cross-site Request Forgery (CSRF)

phpmyfaq/phpmyfaq is vulnerable to cross-site request forgery CSRF attacks. The application does not have CSRF protection for the phpmyfaq/admin/stat.main.php file, allowing a malicious user to send a request to the application to clear the visits value on the stat page...

Cross-site Request Forgery (CSRF)

phpmyfaq/phpmyfaq is vulnerable to cross-site request forgery CSRF attacks. The library does not have CSRF protection for the phpmyfaq/admin/ajax.attachment.php and phpmyfaq/admin/att.main.php files, allowing a malicious user to send a request to the application to delete attachments...

Cross-site Request Forgery (CSRF)

phpmyfaq is vulnerable to cross-site request forgery CSRF attacks. The library is missing CSRF protection in the phpmyfaq/admin/news.php file, allowing a malicious user to send a request to delete a news entry...

Cross-site Request Forgery (CSRF)

phpmyfaq is vulnerable to cross-site request forgery CSRF attacks. The application does not have any CSRF protections for the phpmyfaq/admin/stat.adminlog.php file, allowing a malicious user to send a request to delete the admin log...

Cross-site Request Forgery (CSRF)

phpmyfaq is vulnerable to cross-site request forgery CSRF attacks. The application does not implement any CSRF protections in the phpmyfaq/admin/stat.ratings.php file, allowing a malicious user to send an unauthorized request to modify the information presented...

Cross-Site Request Forgery (CSRF)

phpmyfaq is vulnerable to cross-site request forgery CSRF attacks. The application has no CSRF protections when adding a glossary, allowing a malicious user to send a request to edit the glossary...

Cross-site Scripting (XSS)

phpmyfaq is vulnerable to cross-site scripting XSS attacks. The application does not sanitize the metaDescription and metaKeyword values, allowing a malicious user to inject and execute arbitrary web script...