Cross-site scripting vulnerability in submit.php in OpenFAQ 0.4.0 allows remote malicious users to inject arbitrary web script or HTML via the q parameter.
source: wwwsecurityfocuscom/bid/17860/info
OpenFAQ is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content
Attacker-supplied HTML and script code would be executed in the context of the affected website, potentially allowing an a ...