Medium severity6.1NVD Advisory· Published Sep 20, 2017· Updated May 13, 2026

CVE-2017-14619

Description

Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module.

Affected products

PhpMyAdmin/Phpmyfaq
cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*
Range: <=2.9.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/thorsten/phpMyFAQ/commit/30b0025e19bd95ba28f4eff4d259671e7bb6bb86nvdPatchThird Party Advisory
www.phpmyfaq.de/security/advisory-2017-10-19nvd
packetstormsecurity.com/files/144603/phpMyFAQ-2.9.8-Cross-Site-Scripting.htmlnvd
www.exploit-db.com/exploits/42987/nvd

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000