Date: Sat, 19 Nov 2005 20:10:09 +0100 (CET)
From: tk@...pkit.de
To: full-disclosure@...ts.grok.org.uk
Cc: bugtraq@...urityfocus.com
Subject: [TKADV2005-11-004] Multiple Cross Site Scripting
	vulnerabilities in phpMyFAQ



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Advisory:            Multiple Cross Site Scripting vulnerabilities in
                     phpMyFAQ
Name:                TKADV2005-11-004
Revision:            1.0              
Release Date:        2005/11/19 
Last Modified:       2005/11/19 
Author:              Tobias Klein (tk at trapkit.de)
Affected Software:   phpMyFAQ (all versions <= phpMyFAQ 1.5.3) 
Risk:                Critical ( ) High (x) Medium ( ) Low ( )  
Vendor URL:          http://www.phpmyfaq.de/ 
Vendor Status:       Vendor has released an updated version  


========= 
Overview:
========= 

  phpMyFAQ is a multilingual, completely database-driven FAQ-system.

  Version 1.5.3 and prior contain multiple persistent Cross Site 
  Scripting vulnerabilities. 
  

========= 
Solution: 
=========

  Upgrade to phpMyFAQ 1.5.4 or newer.
  
  http://www.phpmyfaq.de/download.php
  
  
For more details see: 

  http://www.trapkit.de/advisories/TKADV2005-11-004.txt
  

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQ392HJF8YHACG4RBEQKmkwCfVT7mGy0M2gclF60c6k2QNRYgL3IAoPC7
Q9va6jZFp+mJS94hk+8LcRkQ
=HLVb
-----END PGP SIGNATURE-----
