Full Disclosure mailing list archives

[TKADV2005-11-004] Multiple Cross Site Scripting vulnerabilities in phpMyFAQ


From: tk () trapkit de
Date: Sat, 19 Nov 2005 20:10:09 +0100 (CET)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Advisory:            Multiple Cross Site Scripting vulnerabilities in
                     phpMyFAQ
Name:                TKADV2005-11-004
Revision:            1.0              
Release Date:        2005/11/19 
Last Modified:       2005/11/19 
Author:              Tobias Klein (tk at trapkit.de)
Affected Software:   phpMyFAQ (all versions <= phpMyFAQ 1.5.3) 
Risk:                Critical ( ) High (x) Medium ( ) Low ( )  
Vendor URL:          http://www.phpmyfaq.de/ 
Vendor Status:       Vendor has released an updated version  


========= 
Overview:
========= 

  phpMyFAQ is a multilingual, completely database-driven FAQ-system.

  Version 1.5.3 and prior contain multiple persistent Cross Site 
  Scripting vulnerabilities. 
  

========= 
Solution: 
=========

  Upgrade to phpMyFAQ 1.5.4 or newer.
  
  http://www.phpmyfaq.de/download.php
  
  
For more details see: 

  http://www.trapkit.de/advisories/TKADV2005-11-004.txt
  

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQ392HJF8YHACG4RBEQKmkwCfVT7mGy0M2gclF60c6k2QNRYgL3IAoPC7
Q9va6jZFp+mJS94hk+8LcRkQ
=HLVb
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

