Netbizcity: >> Faqmasterflexplus Security Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to inject arbitrary web script or HTML via (1) the cat_name parameter to faq.php; and unspecified parameters to the (2) add categories, (3) edit categories, (4) delete categories, (5) add faq, (6) edit faq, and (7) delete faq Admin scripts.
CVSS Score
4.3
EPSS Score
0.025
Published
2008-01-04
Multiple SQL injection vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to execute arbitrary SQL commands via the category_id parameter to faq.php, and unspecified other vectors involving additional scripts.
CVSS Score
6.8
EPSS Score
0.006
Published
2008-01-04
FAQMasterFlexPlus, possibly 1.5 or 1.52, stores the admin password in cleartext in a database, which might allow context-dependent attackers to obtain the password via unspecified database access.
CVSS Score
6.4
EPSS Score
0.003
Published
2008-01-04