| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20051119191009.8BC8790005@www.strato-webmail.de>
Date: Sat, 19 Nov 2005 20:10:09 +0100 (CET)
From: tk@...pkit.de
To: full-disclosure@...ts.grok.org.uk
Cc: bugtraq@...urityfocus.com
Subject: [TKADV2005-11-004] Multiple Cross Site Scripting
vulnerabilities in phpMyFAQ
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Advisory: Multiple Cross Site Scripting vulnerabilities in
phpMyFAQ
Name: TKADV2005-11-004
Revision: 1.0
Release Date: 2005/11/19
Last Modified: 2005/11/19
Author: Tobias Klein (tk at trapkit.de)
Affected Software: phpMyFAQ (all versions <= phpMyFAQ 1.5.3)
Risk: Critical ( ) High (x) Medium ( ) Low ( )
Vendor URL: http://www.phpmyfaq.de/
Vendor Status: Vendor has released an updated version
=========
Overview:
=========
phpMyFAQ is a multilingual, completely database-driven FAQ-system.
Version 1.5.3 and prior contain multiple persistent Cross Site
Scripting vulnerabilities.
=========
Solution:
=========
Upgrade to phpMyFAQ 1.5.4 or newer.
http://www.phpmyfaq.de/download.php
For more details see:
http://www.trapkit.de/advisories/TKADV2005-11-004.txt
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQA/AwUBQ392HJF8YHACG4RBEQKmkwCfVT7mGy0M2gclF60c6k2QNRYgL3IAoPC7
Q9va6jZFp+mJS94hk+8LcRkQ
=HLVb
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists