FreeBSD : phpmyfaq -- multiple issues (33888815-631e-4bba-b776-a9b46fe177b5)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

phpmyfaq developers report :

Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in
phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web
script or HTML via the Questions field in an 'Add New FAQ' action.

Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8
allows remote attackers to inject arbitrary web script or HTML via the
'Title of your FAQ' field in the Configuration Module.

See also :

http://www.nessus.org/u?c1cd5531
http://www.nessus.org/u?89041e09

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 103584 ()

Bugtraq ID:

CVE ID: CVE-2017-14618
CVE-2017-14619

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now