Security Advisory 2009-09-01

phpMyFAQ 2.0.x XSS vulnerability

Issued on:
2009-09-01
Software:
phpMyFAQ <= 2.5.1
Risk:
High
Platforms:
all

The phpMyFAQ Team has learned of a security issue that has been discovered in phpMyFAQ 2.x

Description

When using Microsoft Internet Explorer 6 or 7 phpMyFAQ doesn't sanitize a GET variable in the search page correctly. With a properly crafted URL it is f.e. possible to inject HTML code into the output of the error message, which could result in the leakage of domain cookies (f.e. session identifiers).

Solution

The phpMyFAQ Team has released new phpMyFAQ versions 2.0.17 and 2.5.2 which fix the vulnerability. All users of affected phpMyFAQ versions are encouraged to upgrade as soon as possible to this latest version.

Workaround

There's no workaround except installing phpMyFAQ 2.0.17 or 2.5.2.

Credits

The phpMyFAQ Team would like to thank Or Katz from Breach Security and Yair Lapin from the Hebrew University of Jerusalem for reporting the vulnerability.

Back to the security advisories overview