Lucene search

HistoryNov 16, 2009 - 12:00 a.m.

phpMyFAQ Search Page Cross Site Scripting Vulnerability

2009-11-1600:00:00

plugins.openvas.org

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

57.0%

JSON

phpMyFAQ is prone to a cross-site scripting vulnerability because the
application fails to properly sanitize user-supplied input.

# SPDX-FileCopyrightText: 2009 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.100348");
  script_version("2023-07-27T05:05:08+0000");
  script_tag(name:"last_modification", value:"2023-07-27 05:05:08 +0000 (Thu, 27 Jul 2023)");
  script_tag(name:"creation_date", value:"2009-11-16 11:47:06 +0100 (Mon, 16 Nov 2009)");
  script_cve_id("CVE-2009-4040");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");

  script_name("phpMyFAQ Search Page Cross Site Scripting Vulnerability");

  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/37020");
  script_xref(name:"URL", value:"http://www.phpmyfaq.de/advisory_2009-09-01.php");

  script_tag(name:"qod_type", value:"remote_banner");
  script_category(ACT_GATHER_INFO);
  script_family("Web application abuses");
  script_copyright("Copyright (C) 2009 Greenbone AG");
  script_dependencies("phpmyfaq_detect.nasl");
  script_require_ports("Services/www", 80);
  script_mandatory_keys("phpmyfaq/installed");

  script_tag(name:"solution_type", value:"VendorFix");

  script_tag(name:"solution", value:"Updates are available. Please see the references for details.");

  script_tag(name:"summary", value:"phpMyFAQ is prone to a cross-site scripting vulnerability because the
  application fails to properly sanitize user-supplied input.");

  script_tag(name:"impact", value:"An attacker may leverage this issue to execute arbitrary script code
  in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker
  to steal cookie-based authentication credentials and to launch other attacks.");

  script_tag(name:"affected", value:"Versions prior to phpMyFAQ 2.5.2 and 2.0.17 are vulnerable.");

  exit(0);
}

include("http_func.inc");
include("port_service_func.inc");
include("version_func.inc");

port = http_get_port(default:80);
if(!version = get_kb_item(string("www/", port, "/phpmyfaq")))exit(0);
if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0);

vers = matches[1];

if(vers && "unknown" >!< vers) {
  if(version_in_range(version: vers, test_version: "2.5", test_version2: "2.5.1") ||
    version_in_range(version: vers, test_version: "2.0", test_version2: "2.0.16")) {
    security_message(port:port);
    exit(0);
  }
}

exit(0);

References

www.phpmyfaq.de/advisory_2009-09-01.php

www.securityfocus.com/bid/37020

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

57.0%

JSON

Related for OPENVAS:1361412562310100348