CVE-2009-4780 Information

Feb 14, 2021 cve

Description

Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter in a sitemap action (2) the search parameter in a search action (3) the tagging_id parameter in a search action (4) the highlight parameter in an artikel action (5) the artlang parameter in an artikel action (6) the letter parameter in a sitemap action (7) the lang parameter in a show action (8) the cat parameter in a show action (9) the newslang parameter in a news action (10) the artlang parameter in a send2friend action (11) the cat parameter in a send2friend action (12) the id parameter in a send2friend action (13) the srclang parameter in a translate action (14) the id parameter in a translate action (15) the cat parameter in a translate action (16) the cat parameter in an add action or (17) the question parameter in an add action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Reference

http://secunia.com/advisories/37520 http://www.securityfocus.com/bid/37180

Share on: