phpMyFAQ Security Advisory
phpMyFAQ 2.5.x XSS vulnerabilities
- Issued on: 2009-12-01
- Software: phpMyFAQ <= 2.5.4
- Risk: High
- Platforms: all
The phpMyFAQ Team has learned of multiple security issues that have been discovered in phpMyFAQ 2.5.x.
Description
When Microsoft Internet Explorer 6 or 7 is used, phpMyFAQ doesn't correctly sanitize various variables in different pages. With a properly crafted URL it is possible, for example, to inject JavaScript code into the output of a page, which could result in the leakage of domain cookies (for example, session identifiers).
Solution
The phpMyFAQ Team has released a new phpMyFAQ version, 2.5.5, which fixes the vulnerability. All users of affected phpMyFAQ versions are encouraged to upgrade to this latest version as soon as possible.
Workaround
There's no workaround except installing phpMyFAQ 2.5.5.
Credits
The phpMyFAQ Team would like to thank Amol Naik for reporting the vulnerability.
