Description

Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the search page.

Remediation

References

CVE-2009-4040

Related Vulnerabilities

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-43841)

WordPress Plugin DZS Video Gallery Information Disclosure (3.1.3)

TYPO3 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2010-5101)

Dolibarr Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-14209)

MediaWiki Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2021-36125)

Severity

Medium

Classification

CVE-2009-4040 CWE-707

Tags

Missing Update Known Vulnerabilities