[TKADV2005-11-004] Multiple Cross Site Scripting vulnerabilities in phpMyFAQ

2005-11-20T00:00:00
ID SECURITYVULNS:DOC:10284
Type securityvulns
Reporter Securityvulns
Modified 2005-11-20T00:00:00

Description

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Advisory: Multiple Cross Site Scripting vulnerabilities in phpMyFAQ Name: TKADV2005-11-004 Revision: 1.0
Release Date: 2005/11/19 Last Modified: 2005/11/19 Author: Tobias Klein (tk at trapkit.de) Affected Software: phpMyFAQ (all versions <= phpMyFAQ 1.5.3) Risk: Critical ( ) High (x) Medium ( ) Low ( )
Vendor URL: http://www.phpmyfaq.de/ Vendor Status: Vendor has released an updated version

========= Overview: =========

phpMyFAQ is a multilingual, completely database-driven FAQ-system.

Version 1.5.3 and prior contain multiple persistent Cross Site Scripting vulnerabilities.

========= Solution: =========

Upgrade to phpMyFAQ 1.5.4 or newer.

http://www.phpmyfaq.de/download.php

For more details see:

http://www.trapkit.de/advisories/TKADV2005-11-004.txt

-----BEGIN PGP SIGNATURE----- Version: PGP 8.1

iQA/AwUBQ392HJF8YHACG4RBEQKmkwCfVT7mGy0M2gclF60c6k2QNRYgL3IAoPC7 Q9va6jZFp+mJS94hk+8LcRkQ =HLVb -----END PGP SIGNATURE-----