Search...

phpMyFAQ GET Variable Cross-Site-Scripting Vulnerability

2009-11-26T00:00:00

ID OPENVAS:900982
Type openvas
Reporter Copyright (C) 2009 SecPod
Modified 2017-01-27T00:00:00

Description

This host is installed with phpMyFAQ and is prone to Cross Site Scripting vulnerability.

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
# $Id: secpod_phpmyfaq_get_xss_vuln.nasl 5122 2017-01-27 12:16:00Z teissa $
#
# phpMyFAQ GET Variable Cross-Site-Scripting Vulnerability
#
# Authors:
# Nikita MR &lt;rnikita@secpod.com&gt;
#
# Copyright:
# Copyright (c) 2009 SecPod, http://www.secpod.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_impact = "Successful exploitation will allow remote attackers to execute arbitrary HTML
  and script code and cause cross-site scripting attacks.
  Impact Level: Application";
tag_affected = "phpMyFAQ prior to 2.0.17 and 2.5.0 prior to 2.5.2.";
tag_insight = "This vulnerability is caused because the application does not properly sanitize
  the input passed into 'GET' parameter in 'search.php'.";
tag_solution = "Upgrade to phpMyFAQ 2.0.17 or 2.5.2
  http://www.phpmyfaq.de/download.php";
tag_summary = "This host is installed with phpMyFAQ and is prone to Cross Site
  Scripting vulnerability.";

if(description)
{
  script_id(900982);
  script_version("$Revision: 5122 $");
  script_tag(name:"last_modification", value:"$Date: 2017-01-27 13:16:00 +0100 (Fri, 27 Jan 2017) $");
  script_tag(name:"creation_date", value:"2009-11-26 06:39:46 +0100 (Thu, 26 Nov 2009)");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_cve_id("CVE-2009-4040");
  script_bugtraq_id(37020);
  script_name("phpMyFAQ GET Variable Cross-Site-Scripting Vulnerability");


  script_category(ACT_GATHER_INFO);
  script_tag(name:"qod_type", value:"remote_banner");
  script_copyright("Copyright (C) 2009 SecPod");
  script_family("Web application abuses");
  script_dependencies("phpmyfaq_detect.nasl", "gb_ms_ie_detect.nasl");
  script_require_ports("Services/www", 80);
  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "summary" , value : tag_summary);
  script_xref(name : "URL" , value : "http://secunia.com/advisories/37354");
  script_xref(name : "URL" , value : "http://www.phpmyfaq.de/advisory_2009-09-01.php");
  script_xref(name : "URL" , value : "http://www.vupen.com/english/advisories/2009/3241");
  exit(0);
}


include("http_func.inc");
include("version_func.inc");

pmfPort = get_http_port(default:80);
if(!pmfPort){
  exit(0);
}

pmfVer = get_kb_item("www/" + pmfPort + "/phpmyfaq");
pmfVer = eregmatch(pattern:"^(.+) under (/.*)$", string:pmfVer);

if(pmfVer[1] != NULL)
{
  if(version_is_less(version:pmfVer[1],  test_version:"2.0.17")||
     version_in_range(version:pmfVer[1], test_version:"2.5", test_version2:"2.5.1")){
    security_message(pmfPort);
  }
}

JSON Vulners Source

Initial Source

{"id": "OPENVAS:900982", "type": "openvas", "bulletinFamily": "scanner", "title": "phpMyFAQ GET Variable Cross-Site-Scripting Vulnerability", "description": "This host is installed with phpMyFAQ and is prone to Cross Site\n Scripting vulnerability.", "published": "2009-11-26T00:00:00", "modified": "2017-01-27T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=900982", "reporter": "Copyright (C) 2009 SecPod", "references": ["http://www.phpmyfaq.de/advisory_2009-09-01.php", "http://www.vupen.com/english/advisories/2009/3241", "http://secunia.com/advisories/37354"], "cvelist": ["CVE-2009-4040"], "lastseen": "2017-07-02T21:14:19", "viewCount": 0, "enchantments": {"score": {"value": 4.6, "vector": "NONE", "modified": "2017-07-02T21:14:19", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-4040"]}, {"type": "openvas", "idList": ["OPENVAS:100348", "OPENVAS:1361412562310900982", "OPENVAS:1361412562310100348"]}], "modified": "2017-07-02T21:14:19", "rev": 2}, "vulnersScore": 4.6}, "pluginID": "900982", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_phpmyfaq_get_xss_vuln.nasl 5122 2017-01-27 12:16:00Z teissa $\n#\n# phpMyFAQ GET Variable Cross-Site-Scripting Vulnerability\n#\n# Authors:\n# Nikita MR <rnikita@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to execute arbitrary HTML\n and script code and cause cross-site scripting attacks.\n Impact Level: Application\";\ntag_affected = \"phpMyFAQ prior to 2.0.17 and 2.5.0 prior to 2.5.2.\";\ntag_insight = \"This vulnerability is caused because the application does not properly sanitize\n the input passed into 'GET' parameter in 'search.php'.\";\ntag_solution = \"Upgrade to phpMyFAQ 2.0.17 or 2.5.2\n http://www.phpmyfaq.de/download.php\";\ntag_summary = \"This host is installed with phpMyFAQ and is prone to Cross Site\n Scripting vulnerability.\";\n\nif(description)\n{\n script_id(900982);\n script_version(\"$Revision: 5122 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-01-27 13:16:00 +0100 (Fri, 27 Jan 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-26 06:39:46 +0100 (Thu, 26 Nov 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2009-4040\");\n script_bugtraq_id(37020);\n script_name(\"phpMyFAQ GET Variable Cross-Site-Scripting Vulnerability\");\n\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Web application abuses\");\n script_dependencies(\"phpmyfaq_detect.nasl\", \"gb_ms_ie_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/37354\");\n script_xref(name : \"URL\" , value : \"http://www.phpmyfaq.de/advisory_2009-09-01.php\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2009/3241\");\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\npmfPort = get_http_port(default:80);\nif(!pmfPort){\n exit(0);\n}\n\npmfVer = get_kb_item(\"www/\" + pmfPort + \"/phpmyfaq\");\npmfVer = eregmatch(pattern:\"^(.+) under (/.*)$\", string:pmfVer);\n\nif(pmfVer[1] != NULL)\n{\n if(version_is_less(version:pmfVer[1], test_version:\"2.0.17\")||\n version_in_range(version:pmfVer[1], test_version:\"2.5\", test_version2:\"2.5.1\")){\n security_message(pmfPort);\n }\n}\n", "naslFamily": "Web application abuses"}

{"cve": [{"lastseen": "2020-12-09T19:31:24", "description": "Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the search page.", "edition": 5, "cvss3": {}, "published": "2009-11-20T19:30:00", "title": "CVE-2009-4040", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-4040"], "modified": "2009-11-23T05:00:00", "cpe": ["cpe:/a:phpmyfaq:phpmyfaq:1.5.1", "cpe:/a:phpmyfaq:phpmyfaq:1.1.4", "cpe:/a:phpmyfaq:phpmyfaq:2.0.11", "cpe:/a:phpmyfaq:phpmyfaq:2.0.3", "cpe:/a:phpmyfaq:phpmyfaq:1.4.11", "cpe:/a:phpmyfaq:phpmyfaq:2.0.5", "cpe:/a:phpmyfaq:phpmyfaq:0.70", "cpe:/a:phpmyfaq:phpmyfaq:1.5_alpha2", "cpe:/a:phpmyfaq:phpmyfaq:0.65", "cpe:/a:phpmyfaq:phpmyfaq:1.3.10", "cpe:/a:phpmyfaq:phpmyfaq:1.0", "cpe:/a:phpmyfaq:phpmyfaq:1.3.8", "cpe:/a:phpmyfaq:phpmyfaq:0.95", "cpe:/a:phpmyfaq:phpmyfaq:2.0.14", "cpe:/a:phpmyfaq:phpmyfaq:2.0.4", "cpe:/a:phpmyfaq:phpmyfaq:1.4", "cpe:/a:phpmyfaq:phpmyfaq:0.87", "cpe:/a:phpmyfaq:phpmyfaq:2.0.12", "cpe:/a:phpmyfaq:phpmyfaq:2.0.8", "cpe:/a:phpmyfaq:phpmyfaq:1.6.2", "cpe:/a:phpmyfaq:phpmyfaq:1.4.6", "cpe:/a:phpmyfaq:phpmyfaq:1.4.1", "cpe:/a:phpmyfaq:phpmyfaq:1.1.4a", "cpe:/a:phpmyfaq:phpmyfaq:1.6.8", "cpe:/a:phpmyfaq:phpmyfaq:2.0.9", "cpe:/a:phpmyfaq:phpmyfaq:1.5.3", "cpe:/a:phpmyfaq:phpmyfaq:2.0.6", "cpe:/a:phpmyfaq:phpmyfaq:1.4.7", "cpe:/a:phpmyfaq:phpmyfaq:1.3.4", "cpe:/a:phpmyfaq:phpmyfaq:1.3.6", "cpe:/a:phpmyfaq:phpmyfaq:1.4.3", "cpe:/a:phpmyfaq:phpmyfaq:1.1.2", "cpe:/a:phpmyfaq:phpmyfaq:1.5.8", "cpe:/a:phpmyfaq:phpmyfaq:1.6.9", "cpe:/a:phpmyfaq:phpmyfaq:1.6.12", "cpe:/a:phpmyfaq:phpmyfaq:1.4.0a", "cpe:/a:phpmyfaq:phpmyfaq:1.6.3", "cpe:/a:phpmyfaq:phpmyfaq:1.4.9", "cpe:/a:phpmyfaq:phpmyfaq:1.3.3", "cpe:/a:phpmyfaq:phpmyfaq:0.86", "cpe:/a:phpmyfaq:phpmyfaq:1.3.2", "cpe:/a:phpmyfaq:phpmyfaq:1.5_beta1", "cpe:/a:phpmyfaq:phpmyfaq:1.6.1", "cpe:/a:phpmyfaq:phpmyfaq:1.2.5", "cpe:/a:phpmyfaq:phpmyfaq:2.0.0", "cpe:/a:phpmyfaq:phpmyfaq:1.1.0", "cpe:/a:phpmyfaq:phpmyfaq:1.4.4", "cpe:/a:phpmyfaq:phpmyfaq:2.0.2", "cpe:/a:phpmyfaq:phpmyfaq:1.4_alpha1", "cpe:/a:phpmyfaq:phpmyfaq:2.0.15", "cpe:/a:phpmyfaq:phpmyfaq:1.6.7", "cpe:/a:phpmyfaq:phpmyfaq:1.5.7", "cpe:/a:phpmyfaq:phpmyfaq:1.4.10", "cpe:/a:phpmyfaq:phpmyfaq:1.5.9", "cpe:/a:phpmyfaq:phpmyfaq:2.0.7", "cpe:/a:phpmyfaq:phpmyfaq:1.5.0", "cpe:/a:phpmyfaq:phpmyfaq:1.5.4", "cpe:/a:phpmyfaq:phpmyfaq:1.0.1a", "cpe:/a:phpmyfaq:phpmyfaq:1.4.0", "cpe:/a:phpmyfaq:phpmyfaq:1.3.1", "cpe:/a:phpmyfaq:phpmyfaq:1.6.10", "cpe:/a:phpmyfaq:phpmyfaq:1.6.4", "cpe:/a:phpmyfaq:phpmyfaq:1.3.0", "cpe:/a:phpmyfaq:phpmyfaq:1.2.3", "cpe:/a:phpmyfaq:phpmyfaq:2.5.1", "cpe:/a:phpmyfaq:phpmyfaq:0.666", "cpe:/a:phpmyfaq:phpmyfaq:1.4.8", "cpe:/a:phpmyfaq:phpmyfaq:1.6.6", "cpe:/a:phpmyfaq:phpmyfaq:0.85", "cpe:/a:phpmyfaq:phpmyfaq:1.3.11", "cpe:/a:phpmyfaq:phpmyfaq:0.80a", "cpe:/a:phpmyfaq:phpmyfaq:1.2.5b", "cpe:/a:phpmyfaq:phpmyfaq:1.5_beta2", "cpe:/a:phpmyfaq:phpmyfaq:2.0.1", "cpe:/a:phpmyfaq:phpmyfaq:1.2.4", "cpe:/a:phpmyfaq:phpmyfaq:1.1.5", "cpe:/a:phpmyfaq:phpmyfaq:1.4.2", "cpe:/a:phpmyfaq:phpmyfaq:2.0.16", "cpe:/a:phpmyfaq:phpmyfaq:1.4a", "cpe:/a:phpmyfaq:phpmyfaq:1.2.1", "cpe:/a:phpmyfaq:phpmyfaq:2.5.0", "cpe:/a:phpmyfaq:phpmyfaq:1.1.3", "cpe:/a:phpmyfaq:phpmyfaq:1.3.9pl1", "cpe:/a:phpmyfaq:phpmyfaq:1.5.6", "cpe:/a:phpmyfaq:phpmyfaq:1.3.13", "cpe:/a:phpmyfaq:phpmyfaq:1.4_alpha2", "cpe:/a:phpmyfaq:phpmyfaq:1.3.14", "cpe:/a:phpmyfaq:phpmyfaq:0.90", "cpe:/a:phpmyfaq:phpmyfaq:1.2.0", "cpe:/a:phpmyfaq:phpmyfaq:2.0.13", "cpe:/a:phpmyfaq:phpmyfaq:1.0.1", "cpe:/a:phpmyfaq:phpmyfaq:1.2.5a", "cpe:/a:phpmyfaq:phpmyfaq:1.3.7", "cpe:/a:phpmyfaq:phpmyfaq:1.1.1", "cpe:/a:phpmyfaq:phpmyfaq:1.5_alpha1", "cpe:/a:phpmyfaq:phpmyfaq:1.3.12", "cpe:/a:phpmyfaq:phpmyfaq:1.5.2", "cpe:/a:phpmyfaq:phpmyfaq:1.5", "cpe:/a:phpmyfaq:phpmyfaq:0.60", "cpe:/a:phpmyfaq:phpmyfaq:1.3.5", "cpe:/a:phpmyfaq:phpmyfaq:1.6.0", "cpe:/a:phpmyfaq:phpmyfaq:1.2.2", "cpe:/a:phpmyfaq:phpmyfaq:1.6.5", "cpe:/a:phpmyfaq:phpmyfaq:1.4.5", "cpe:/a:phpmyfaq:phpmyfaq:1.5_beta3", "cpe:/a:phpmyfaq:phpmyfaq:1.5.5", "cpe:/a:phpmyfaq:phpmyfaq:1.3.9", "cpe:/a:phpmyfaq:phpmyfaq:1.6.11", "cpe:/a:phpmyfaq:phpmyfaq:0.80", "cpe:/a:phpmyfaq:phpmyfaq:2.0.10"], "id": "CVE-2009-4040", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4040", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:phpmyfaq:phpmyfaq:1.0.1a:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc4:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc1:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.11:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.10:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.13:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:0.60:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:2.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5b:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc3:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5a:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4_alpha1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:0.65:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_beta3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_beta1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_alpha2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc2:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.14:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_alpha1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_beta2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:rc5:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.9pl1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:0.666:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:0.80:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:0.95:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4_alpha2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.4a:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.12:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:0.85:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.12:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:0.80a:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:0.86:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:0.87:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4a:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.4.0a:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:0.70:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:2.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:0.90:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyfaq:phpmyfaq:1.6.4:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-02T21:14:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4040"], "description": "phpMyFAQ is prone to a cross-site scripting vulnerability because the\napplication fails to properly sanitize user-supplied input.\n\nAn attacker may leverage this issue to execute arbitrary script code\nin the browser of an unsuspecting user in the context of the affected\nsite. This may allow the attacker to steal cookie-based authentication\ncredentials and to launch other attacks.\n\nVersions prior to phpMyFAQ 2.5.2 and 2.0.17 are vulnerable.", "modified": "2017-01-17T00:00:00", "published": "2009-11-16T00:00:00", "id": "OPENVAS:100348", "href": "http://plugins.openvas.org/nasl.php?oid=100348", "type": "openvas", "title": "phpMyFAQ Search Page Cross Site Scripting Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: phpMyFAQ_37020.nasl 5016 2017-01-17 09:06:21Z teissa $\n#\n# phpMyFAQ Search Page Cross Site Scripting Vulnerability\n#\n# Authors:\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"phpMyFAQ is prone to a cross-site scripting vulnerability because the\napplication fails to properly sanitize user-supplied input.\n\nAn attacker may leverage this issue to execute arbitrary script code\nin the browser of an unsuspecting user in the context of the affected\nsite. This may allow the attacker to steal cookie-based authentication\ncredentials and to launch other attacks.\n\nVersions prior to phpMyFAQ 2.5.2 and 2.0.17 are vulnerable.\";\n\ntag_solution = \"Updates are available. Please see the references for details.\";\n\nif (description)\n{\n script_id(100348);\n script_version(\"$Revision: 5016 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-01-17 10:06:21 +0100 (Tue, 17 Jan 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-16 11:47:06 +0100 (Mon, 16 Nov 2009)\");\n script_cve_id(\"CVE-2009-4040\");\n script_bugtraq_id(37020);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_name(\"phpMyFAQ Search Page Cross Site Scripting Vulnerability\");\n\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/bid/37020\");\n script_xref(name : \"URL\" , value : \"http://www.phpmyfaq.de/\");\n script_xref(name : \"URL\" , value : \"http://www.phpmyfaq.de/advisory_2009-09-01.php\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2009 Greenbone Networks GmbH\");\n script_dependencies(\"phpmyfaq_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\nport = get_http_port(default:80);\nif(!get_port_state(port))exit(0);\n\nif (!can_host_php(port:port)) exit(0);\n\nif(!version = get_kb_item(string(\"www/\", port, \"/phpmyfaq\")))exit(0);\nif(!matches = eregmatch(string:version, pattern:\"^(.+) under (/.*)$\"))exit(0);\n\nvers = matches[1];\n\nif(!isnull(vers) && vers >!< \"unknown\") {\n\n if(version_in_range(version: vers, test_version: \"2.5\", test_version2: \"2.5.1\") || \n version_in_range(version: vers, test_version: \"2.0\", test_version2: \"2.0.16\")) {\n security_message(port:port);\n exit(0);\n }\n\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2020-05-12T17:33:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4040"], "description": "phpMyFAQ is prone to a cross-site scripting vulnerability because the\n application fails to properly sanitize user-supplied input.", "modified": "2020-05-08T00:00:00", "published": "2009-11-16T00:00:00", "id": "OPENVAS:1361412562310100348", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100348", "type": "openvas", "title": "phpMyFAQ Search Page Cross Site Scripting Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# phpMyFAQ Search Page Cross Site Scripting Vulnerability\n#\n# Authors:\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100348\");\n script_version(\"2020-05-08T08:34:44+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-08 08:34:44 +0000 (Fri, 08 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2009-11-16 11:47:06 +0100 (Mon, 16 Nov 2009)\");\n script_cve_id(\"CVE-2009-4040\");\n script_bugtraq_id(37020);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_name(\"phpMyFAQ Search Page Cross Site Scripting Vulnerability\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/37020\");\n script_xref(name:\"URL\", value:\"http://www.phpmyfaq.de/advisory_2009-09-01.php\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_dependencies(\"phpmyfaq_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"phpmyfaq/installed\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"solution\", value:\"Updates are available. Please see the references for details.\");\n\n script_tag(name:\"summary\", value:\"phpMyFAQ is prone to a cross-site scripting vulnerability because the\n application fails to properly sanitize user-supplied input.\");\n\n script_tag(name:\"impact\", value:\"An attacker may leverage this issue to execute arbitrary script code\n in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker\n to steal cookie-based authentication credentials and to launch other attacks.\");\n\n script_tag(name:\"affected\", value:\"Versions prior to phpMyFAQ 2.5.2 and 2.0.17 are vulnerable.\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\nport = http_get_port(default:80);\nif(!version = get_kb_item(string(\"www/\", port, \"/phpmyfaq\")))exit(0);\nif(!matches = eregmatch(string:version, pattern:\"^(.+) under (/.*)$\"))exit(0);\n\nvers = matches[1];\n\nif(!isnull(vers) && vers >!< \"unknown\") {\n if(version_in_range(version: vers, test_version: \"2.5\", test_version2: \"2.5.1\") ||\n version_in_range(version: vers, test_version: \"2.0\", test_version2: \"2.0.16\")) {\n security_message(port:port);\n exit(0);\n }\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:40:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4040"], "description": "This host is installed with phpMyFAQ and is prone to Cross Site Scripting\n vulnerability.", "modified": "2019-03-07T00:00:00", "published": "2009-11-26T00:00:00", "id": "OPENVAS:1361412562310900982", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900982", "type": "openvas", "title": "phpMyFAQ GET Variable Cross-Site-Scripting Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_phpmyfaq_get_xss_vuln.nasl 14031 2019-03-07 10:47:29Z cfischer $\n#\n# phpMyFAQ GET Variable Cross-Site-Scripting Vulnerability\n#\n# Authors:\n# Nikita MR <rnikita@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/a:phpmyfaq:phpmyfaq';\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900982\");\n script_version(\"$Revision: 14031 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-07 11:47:29 +0100 (Thu, 07 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-26 06:39:46 +0100 (Thu, 26 Nov 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_cve_id(\"CVE-2009-4040\");\n script_bugtraq_id(37020);\n\n script_name(\"phpMyFAQ GET Variable Cross-Site-Scripting Vulnerability\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Web application abuses\");\n script_dependencies(\"phpmyfaq_detect.nasl\");\n script_mandatory_keys(\"phpmyfaq/installed\");\n script_require_ports(\"Services/www\", 80);\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to execute arbitrary\n HTML and script code and cause cross-site scripting attacks.\");\n\n script_tag(name:\"affected\", value:\"phpMyFAQ prior to 2.0.17 and 2.5.0 prior to 2.5.2.\");\n\n script_tag(name:\"insight\", value:\"This vulnerability is caused because the application does not properly\n sanitize the input passed into 'GET' parameter in 'search.php'.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"solution\", value:\"Upgrade to phpMyFAQ 2.0.17 or 2.5.2\");\n\n script_tag(name:\"summary\", value:\"This host is installed with phpMyFAQ and is prone to Cross Site Scripting\n vulnerability.\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/37354\");\n script_xref(name:\"URL\", value:\"http://www.phpmyfaq.de/advisory_2009-09-01.php\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2009/3241\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version_is_less(version: version, test_version: \"2.0.17\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"2.0.17\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nif (version_in_range(version: version, test_version: \"2.5\", test_version2: \"2.5.1\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"2.5.2\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}