1756 matches found
CVE-2017-15734
Summary: CVE-2017-15734 affects phpMyFAQ prior to 2.9.9 and is a CSRF in admin/stat.main.php. The vulnerability arises due to missing CSRF token validation in the affected action (e.g., clear-visits) within stat.main.php, allowing unauthorized state-changing requests when a user is authenticated....
CVE-2017-15732
In phpMyFAQ (versions before 2.9.9), there is a Cross-Site Request Forgery (CSRF) vulnerability in admin/news.php due to missing CSRF protection. This affects the news-management functionality and can allow an attacker to perform unauthorized operations (e.g., actions on news entries) without use...
CVE-2017-15731
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php...
CVE-2017-15730
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php...
CVE-2017-15729
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary...
CVE-2017-15730
CVE-2017-15730 affects phpMyFAQ before 2.9.9. The vulnerability is a Cross-Site Request Forgery (CSRF) in the admin/stat.ratings.php handler that allows an attacker to cause unauthorized actions (modifying information) without user consent. Public references in the provided documents include CVE ...
CVE-2017-15727
The CVE-2017-15727 entry concerns phpMyFAQ prior to 2.9.9, with a Stored Cross-site Scripting (XSS) vulnerability via an HTML attachment. Multiple connected sources (NVD/NVD-derived, CNVD, OSV, CVE lists, and OpenVAS notes) consistently describe that an attacker can inject arbitrary script by upl...
CVE-2017-15728
CVE-2017-15728 affects phpMyFAQ prior to 2.9.9, exposing a Stored Cross-site Scripting (XSS) vulnerability through metaDescription or metaKeywords fields. Public sources (NVD entry and Red Hat advisory) describe the flaw as an XSS issue in phpMyFAQ versions before 2.9.9. The OpenVAS entry and CNV...
CVE-2017-15735
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary...
CVE-2017-15733
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php...
CVE-2017-15729
CVE-2017-15729 affects phpMyFAQ versions earlier than 2.9.9. The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to add a glossary without proper protection. Public documentation from multiple sources describes that, in vulnerable installations, a malicious acto...
CVE-2017-15734
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php...
CVE-2017-15731
CVE-2017-15731 affects phpMyFAQ prior to 2.9.9, with a CSRF vulnerability in admin/stat.adminlog.php. The issue arises from missing CSRF protections, potentially enabling unauthorized actions (e.g., deleting the admin log) via a crafted request in an authenticated session. Remediation: upgrade to...
CVE-2017-15727
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment...
phpMyFAQ 2.9.8 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: phpMyFAQ 2.9.8 Stored XSS Vendor Homepage: http://www.phpmyfaq.de/ Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website:...
phpMyFAQ 2.9.8 - Cross-Site Scripting (2)
phpMyFAQ 2.9.8 - Cross-Site Scripting (2) Exploit Title: phpMyFAQ 2.9.8 Stored XSS Vendor Homepage: http://www.phpmyfaq.de/ Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website:...
phpMyFAQ 2.9.8 Cross Site Scripting
Exploit Title: phpMyFAQ 2.9.8 Stored XSS Vendor Homepage: http://www.phpmyfaq.de/ Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: webapps CVE: CVE-2017-1461...
phpMyFAQ 2.9.8 - Cross-Site Scripting (2)
Exploit Title: phpMyFAQ 2.9.8 Stored XSS Vendor Homepage: http://www.phpmyfaq.de/ Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: webapps CVE: CVE-2017-1461...
FreeBSD : phpmyfaq -- multiple issues (33888815-631e-4bba-b776-a9b46fe177b5)
phpmyfaq developers report: Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an 'Add New FAQ' action. Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allo...
Cross-site Scripting (XSS)
phpMyFAQ is vulnerable to cross-site scripting (XSS) attacks. The library does not escape the Title of your FAQ field in the Configuration module, allowing a malicious user to inject and execute arbitrary web script...