Multiple Cross Site Scripting vulnerabilities in phpMyFAQ

2005.11.22
Credit: Tobias Klein
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2005-3734
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory: Multiple Cross Site Scripting vulnerabilities in phpMyFAQ Name: TKADV2005-11-004 Revision: 1.0 Release Date: 2005/11/19 Last Modified: 2005/11/19 Author: Tobias Klein (tk at trapkit.de) Affected Software: phpMyFAQ (all versions <= phpMyFAQ 1.5.3) Risk: Critical ( ) High (x) Medium ( ) Low ( ) Vendor URL: http://www.phpmyfaq.de/ Vendor Status: Vendor has released an updated version ========= Overview: ========= phpMyFAQ is a multilingual, completely database-driven FAQ-system. Version 1.5.3 and prior contain multiple persistent Cross Site Scripting vulnerabilities. ========= Solution: ========= Upgrade to phpMyFAQ 1.5.4 or newer. http://www.phpmyfaq.de/download.php For more details see: http://www.trapkit.de/advisories/TKADV2005-11-004.txt -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQ392HJF8YHACG4RBEQKmkwCfVT7mGy0M2gclF60c6k2QNRYgL3IAoPC7 Q9va6jZFp+mJS94hk+8LcRkQ =HLVb -----END PGP SIGNATURE-----


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top