Summary
This host has phpMyFAQ installed and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML and script code and conduct cross-site scripting attacks.
Impact Level: Application
Solution
Upgrade to phpMyFAQ 2.0.17 or 2.5.2
http://www.phpmyfaq.de/download.php
Insight
The vulnerability exists because the application does not properly sanitize input passed via the GET parameter in 'search.php'.
Affected
phpMyFAQ versions prior to 2.0.17, and 2.5.0 prior to 2.5.2.
Classification
CVE: CVE-2009-4040
CVSS Base Score: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N