[TKADV2005-11-004] Multiple Cross Site Scripting vulnerabilities in phpMyFAQ
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Advisory: Multiple Cross Site Scripting vulnerabilities in
phpMyFAQ
Name: TKADV2005-11-004
Revision: 1.0
Release Date: 2005/11/19
Last Modified: 2005/11/19
Author: Tobias Klein (tk at trapkit.de)
Affected Software: phpMyFAQ (all versions <= phpMyFAQ 1.5.3)
Risk: Critical ( ) High (x) Medium ( ) Low ( )
Vendor URL: http://www.phpmyfaq.de/
Vendor Status: Vendor has released an updated version
=========
Overview:
=========
phpMyFAQ is a multilingual, completely database-driven FAQ-system.
Version 1.5.3 and prior contain multiple persistent Cross Site
Scripting vulnerabilities.
=========
Solution:
=========
Upgrade to phpMyFAQ 1.5.4 or newer.
http://www.phpmyfaq.de/download.php
For more details see:
http://www.trapkit.de/advisories/TKADV2005-11-004.txt
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQA/AwUBQ392HJF8YHACG4RBEQKmkwCfVT7mGy0M2gclF60c6k2QNRYgL3IAoPC7
Q9va6jZFp+mJS94hk+8LcRkQ
=HLVb
-----END PGP SIGNATURE-----