FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyfaq -- cross site scripting vulnerabilities

Affected packages
phpmyfaq < 2.6.9

Details

VuXML ID 99021f88-ca3c-11df-be21-00e018aa7788
Discovery 2010-09-28
Entry 2010-10-02

The phpMyFAQ project reports:

The phpMyFAQ Team has learned of a security issue that has been discovered in phpMyFAQ 2.6.x: phpMyFAQ doesn't sanitize some variables in different pages correctly. With a properly crafted URL it is e.g. possible to inject JavaScript code into the output of a page, which could result in the leakage of domain cookies (f.e. session identifiers).

References

FreeBSD PR ports/151055
URL http://www.phpmyfaq.de/advisory_2010-09-28.php