CVE-2009-4780

Published: 21/04/2010 Updated: 24/04/2010
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ prior to 2.5.5 allow remote malicious users to inject arbitrary web script or HTML via (1) the lang parameter in a sitemap action, (2) the search parameter in a search action, (3) the tagging_id parameter in a search action, (4) the highlight parameter in an artikel action, (5) the artlang parameter in an artikel action, (6) the letter parameter in a sitemap action, (7) the lang parameter in a show action, (8) the cat parameter in a show action, (9) the newslang parameter in a news action, (10) the artlang parameter in a send2friend action, (11) the cat parameter in a send2friend action, (12) the id parameter in a send2friend action, (13) the srclang parameter in a translate action, (14) the id parameter in a translate action, (15) the cat parameter in a translate action, (16) the cat parameter in an add action, or (17) the question parameter in an add action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Vulnerable Product

phpmyfaq phpmyfaq 2.0.1

phpmyfaq phpmyfaq 2.0.0

phpmyfaq phpmyfaq 2.0.8

phpmyfaq phpmyfaq 2.0.6

phpmyfaq phpmyfaq 2.5.1

phpmyfaq phpmyfaq 2.0.13

phpmyfaq phpmyfaq 1.6.9

phpmyfaq phpmyfaq 0.80

phpmyfaq phpmyfaq 0.666

phpmyfaq phpmyfaq 1.2.2

phpmyfaq phpmyfaq 1.2.0

phpmyfaq phpmyfaq 1.1.4a

phpmyfaq phpmyfaq 1.1.2

phpmyfaq phpmyfaq 1.1.0

phpmyfaq phpmyfaq 1.4.6

phpmyfaq phpmyfaq 1.4.4

phpmyfaq phpmyfaq 1.6.12

phpmyfaq phpmyfaq 1.5.0

phpmyfaq phpmyfaq 1.3.1

phpmyfaq phpmyfaq 1.2.5b

phpmyfaq phpmyfaq 1.3.9

phpmyfaq phpmyfaq 1.3.7

phpmyfaq phpmyfaq 1.5

phpmyfaq phpmyfaq 1.5.6

phpmyfaq phpmyfaq 1.6.1

phpmyfaq phpmyfaq 1.6.3

phpmyfaq phpmyfaq 1.4

phpmyfaq phpmyfaq

phpmyfaq phpmyfaq 2.0.12

phpmyfaq phpmyfaq 2.0.11

phpmyfaq phpmyfaq 2.0.10

phpmyfaq phpmyfaq 2.0.9

phpmyfaq phpmyfaq 0.90

phpmyfaq phpmyfaq 0.87

phpmyfaq phpmyfaq 0.86

phpmyfaq phpmyfaq 0.85

phpmyfaq phpmyfaq 1.1.5

phpmyfaq phpmyfaq 1.1.3

phpmyfaq phpmyfaq 1.1.4

phpmyfaq phpmyfaq 1.1.1

phpmyfaq phpmyfaq 1.4.3

phpmyfaq phpmyfaq 1.4.10

phpmyfaq phpmyfaq 1.4.9

phpmyfaq phpmyfaq 1.4.8

phpmyfaq phpmyfaq 1.4.7

phpmyfaq phpmyfaq 1.3.5

phpmyfaq phpmyfaq 1.3.2

phpmyfaq phpmyfaq 1.3.3

phpmyfaq phpmyfaq 1.3.8

phpmyfaq phpmyfaq 1.5.7

phpmyfaq phpmyfaq 1.5.8

phpmyfaq phpmyfaq 1.5.9

phpmyfaq phpmyfaq 1.6.0

phpmyfaq phpmyfaq 1.4a

phpmyfaq phpmyfaq 1.4.0

phpmyfaq phpmyfaq 2.5.3

phpmyfaq phpmyfaq 2.5.2

phpmyfaq phpmyfaq 2.0.17

phpmyfaq phpmyfaq 2.0.3

phpmyfaq phpmyfaq 2.5.0

phpmyfaq phpmyfaq 2.0.16

phpmyfaq phpmyfaq 2.0.15

phpmyfaq phpmyfaq 2.0.14

phpmyfaq phpmyfaq 0.65

phpmyfaq phpmyfaq 0.60

phpmyfaq phpmyfaq 1.2.4

phpmyfaq phpmyfaq 1.2.5

phpmyfaq phpmyfaq 1.0.1

phpmyfaq phpmyfaq 1.4.2

phpmyfaq phpmyfaq 1.4.1

phpmyfaq phpmyfaq 1.4.0a

phpmyfaq phpmyfaq 1.6.10

phpmyfaq phpmyfaq 1.4.11

phpmyfaq phpmyfaq 1.6.11

phpmyfaq phpmyfaq 1.3.0

phpmyfaq phpmyfaq 1.3.11

phpmyfaq phpmyfaq 1.3.13

phpmyfaq phpmyfaq 1.3.10

phpmyfaq phpmyfaq 1.6.5

phpmyfaq phpmyfaq 1.6.6

phpmyfaq phpmyfaq 1.5.1

phpmyfaq phpmyfaq 1.5.3

phpmyfaq phpmyfaq 2.0.4

phpmyfaq phpmyfaq 2.0.2

phpmyfaq phpmyfaq 2.0.7

phpmyfaq phpmyfaq 2.0.5

phpmyfaq phpmyfaq 1.6.8

phpmyfaq phpmyfaq 0.95

phpmyfaq phpmyfaq 0.80a

phpmyfaq phpmyfaq 0.70

phpmyfaq phpmyfaq 1.2.3

phpmyfaq phpmyfaq 1.2.1

phpmyfaq phpmyfaq 1.0.1a

phpmyfaq phpmyfaq 1.0

phpmyfaq phpmyfaq 1.3.14

phpmyfaq phpmyfaq 1.4.5

phpmyfaq phpmyfaq 1.5.4

phpmyfaq phpmyfaq 1.5.2

phpmyfaq phpmyfaq 1.2.5a

phpmyfaq phpmyfaq 1.3.4

phpmyfaq phpmyfaq 1.3.6

phpmyfaq phpmyfaq 1.5.5

phpmyfaq phpmyfaq 1.6.2

phpmyfaq phpmyfaq 1.6.4

phpmyfaq phpmyfaq 1.6.7

phpmyfaq phpmyfaq 1.3.12

Exploits

source: www.securityfocus.com/bid/37180/info

phpMyFAQ is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may a ...