[TKADV2005-11-004] Multiple Cross Site Scripting vulnerabilities in phpMyFAQ

tk_at_trapkit.de
Date: 11/19/05

  • Next message: Irene Abezgauz: "Security Advisory: Struts Error Message Cross Site Scripting"
    To: full-disclosure@lists.grok.org.uk
    Date: Sat, 19 Nov 2005 20:10:09 +0100 (CET)
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Advisory: Multiple Cross Site Scripting vulnerabilities in
                         phpMyFAQ
    Name: TKADV2005-11-004
    Revision: 1.0
    Release Date: 2005/11/19
    Last Modified: 2005/11/19
    Author: Tobias Klein (tk at trapkit.de)
    Affected Software: phpMyFAQ (all versions <= phpMyFAQ 1.5.3)
    Risk: Critical ( ) High (x) Medium ( ) Low ( )
    Vendor URL: http://www.phpmyfaq.de/
    Vendor Status: Vendor has released an updated version

    =========
    Overview:
    =========

      phpMyFAQ is a multilingual, completely database-driven FAQ-system.

      Version 1.5.3 and prior contain multiple persistent Cross Site
      Scripting vulnerabilities.
      

    =========
    Solution:
    =========

      Upgrade to phpMyFAQ 1.5.4 or newer.
      
      http://www.phpmyfaq.de/download.php
      
      
    For more details see:

      http://www.trapkit.de/advisories/TKADV2005-11-004.txt
      

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.1

    iQA/AwUBQ392HJF8YHACG4RBEQKmkwCfVT7mGy0M2gclF60c6k2QNRYgL3IAoPC7
    Q9va6jZFp+mJS94hk+8LcRkQ
    =HLVb
    -----END PGP SIGNATURE-----


  • Next message: Irene Abezgauz: "Security Advisory: Struts Error Message Cross Site Scripting"

    Relevant Pages