CVE-2005-3734 Information

Description

Cross-site scripting (XSS) vulnerability in the \add content\ page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema (2) username and (3) usermail parameters.

Reference

http://secunia.com/advisories/17649 http://securityreason.com/securityalert/196 http://www.osvdb.org/20989 http://www.phpmyfaq.de/advisory_2005-11-18.php http://www.securityfocus.com/archive/1/417219/30/0/threaded http://www.securityfocus.com/bid/15504 http://www.trapkit.de/advisories/TKADV2005-11-004.txt http://www.vupen.com/english/advisories/2005/2505