3 matches found
CVE-2026-46363
CVE-2026-46363 affects phpMyFAQ prior to 4.1.2. It is a stored XSS in FAQ creation and update endpoints where sanitization is bypassed through encode–decode cycles. Exploitation requires authenticated access with the FAQ_ADD permission; an attacker can inject malicious script tags via question or...
CVE-2026-3321
A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/EVENTID/TIMESTAMP/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q history. This publicly exposed data may...
May 2014 Security Bulletin Webcast and Q&A
Today we published the May 2014 Security Bulletin Webcast Questions & Answers page. We answered 17 questions in total, with the majority focusing on the update for SharePoint MS14-022, Group Policy MS14-025 and Internet Explorer MS14-029. Here is the video replay: We invite you to join us for the...