Description

Cross-site scripting (XSS) vulnerability in the "add content" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters.

Remediation

References

CVE-2005-3734

Related Vulnerabilities

WordPress Plugin FCChat Widget 'path' Parameter Cross-Site Scripting (2.1.7)

PHP Numeric Errors Vulnerability (CVE-2007-1383)

WordPress 3.8.x Denial of Service Vulnerability (3.8 - 3.8.25)

Microsoft SQL Server CVE-2023-23384 Vulnerability (CVE-2023-23384)

WordPress Plugin Anti-Malware Security and Brute-Force Firewall Multiple Cross-Site Scripting Vulnerabilities (4.15.17)

Severity

Medium

Classification

CVE-2005-3734

Tags

Missing Update Known Vulnerabilities