phpmyfaq -- cross site scripting vulnerabilities

ID 99021F88-CA3C-11DF-BE21-00E018AA7788
Type freebsd
Reporter FreeBSD
Modified 2010-09-28T00:00:00


The phpMyFAQ project reports:

The phpMyFAQ Team has learned of a security issue that has been discovered in phpMyFAQ 2.6.x: phpMyFAQ doesn't sanitize some variables in different pages correctly. With a properly crafted URL it is e.g. possible to inject JavaScript code into the output of a page, which could result in the leakage of domain cookies (f.e. session identifiers)..