<<< Date Index >>>     <<< Thread Index >>>

[TKADV2005-11-004] Multiple Cross Site Scripting vulnerabilities in phpMyFAQ



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Advisory:            Multiple Cross Site Scripting vulnerabilities in
                     phpMyFAQ
Name:                TKADV2005-11-004
Revision:            1.0              
Release Date:        2005/11/19 
Last Modified:       2005/11/19 
Author:              Tobias Klein (tk at trapkit.de)
Affected Software:   phpMyFAQ (all versions <= phpMyFAQ 1.5.3) 
Risk:                Critical ( ) High (x) Medium ( ) Low ( )  
Vendor URL:          http://www.phpmyfaq.de/ 
Vendor Status:       Vendor has released an updated version  


========= 
Overview:
========= 

  phpMyFAQ is a multilingual, completely database-driven FAQ-system.

  Version 1.5.3 and prior contain multiple persistent Cross Site 
  Scripting vulnerabilities. 
  

========= 
Solution: 
=========

  Upgrade to phpMyFAQ 1.5.4 or newer.
  
  http://www.phpmyfaq.de/download.php
  
  
For more details see: 

  http://www.trapkit.de/advisories/TKADV2005-11-004.txt
  

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQ392HJF8YHACG4RBEQKmkwCfVT7mGy0M2gclF60c6k2QNRYgL3IAoPC7
Q9va6jZFp+mJS94hk+8LcRkQ
=HLVb
-----END PGP SIGNATURE-----