[TKADV2005-11-004] Multiple Cross Site Scripting vulnerabilities in phpMyFAQ

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [TKADV2005-11-004] Multiple Cross Site Scripting vulnerabilities in phpMyFAQ
From: tk@xxxxxxxxxx
Date: Sat, 19 Nov 2005 20:10:09 +0100 (CET)
Cc: bugtraq@xxxxxxxxxxxxxxxxx
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Advisory:            Multiple Cross Site Scripting vulnerabilities in
                     phpMyFAQ
Name:                TKADV2005-11-004
Revision:            1.0              
Release Date:        2005/11/19 
Last Modified:       2005/11/19 
Author:              Tobias Klein (tk at trapkit.de)
Affected Software:   phpMyFAQ (all versions <= phpMyFAQ 1.5.3) 
Risk:                Critical ( ) High (x) Medium ( ) Low ( )  
Vendor URL:          http://www.phpmyfaq.de/ 
Vendor Status:       Vendor has released an updated version  


========= 
Overview:
========= 

  phpMyFAQ is a multilingual, completely database-driven FAQ-system.

  Version 1.5.3 and prior contain multiple persistent Cross Site 
  Scripting vulnerabilities. 
  

========= 
Solution: 
=========

  Upgrade to phpMyFAQ 1.5.4 or newer.
  
  http://www.phpmyfaq.de/download.php
  
  
For more details see: 

  http://www.trapkit.de/advisories/TKADV2005-11-004.txt
  

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQ392HJF8YHACG4RBEQKmkwCfVT7mGy0M2gclF60c6k2QNRYgL3IAoPC7
Q9va6jZFp+mJS94hk+8LcRkQ
=HLVb
-----END PGP SIGNATURE-----

Prev by Date: [ GLSA 200511-15 ] Smb4k: Local unauthorized file access
Next by Date: Security Advisory: Struts Error Message Cross Site Scripting
Previous by thread: [ GLSA 200511-15 ] Smb4k: Local unauthorized file access
Next by thread: Security Advisory: Struts Error Message Cross Site Scripting
Index(es):
- Date
- Thread