FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyfaq -- multiple issues

Affected packages
phpmyfaq <= 2.9.8

Details

VuXML ID 33888815-631e-4bba-b776-a9b46fe177b5
Discovery 2017-09-20
Entry 2017-09-29

phpmyfaq developers report:

Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action.

Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module.

References

CVE Name CVE-2017-14618
CVE Name CVE-2017-14619
URL https://github.com/thorsten/phpMyFAQ/commit/30b0025e19bd95ba28f4eff4d259671e7bb6bb86
URL https://www.exploit-db.com/exploits/42761/