2 matches found
Stored Cross-site Scripting (XSS)
thorsten/phpmyfaq is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability exists due to improper sanitization in the adminlog of stat.adminlog.php, which allows an attacker to inject and execute malicious JavaScript through the $text attribute...
CVE-2017-15731
CVE-2017-15731 affects phpMyFAQ prior to 2.9.9, with a CSRF vulnerability in admin/stat.adminlog.php. The issue arises from missing CSRF protections, potentially enabling unauthorized actions (e.g., deleting the admin log) via a crafted request in an authenticated session. Remediation: upgrade to...