FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyfaq -- cross site scripting vulnerabilities

Affected packages
phpmyfaq < 2.6.9


VuXML ID 99021f88-ca3c-11df-be21-00e018aa7788
Discovery 2010-09-28
Entry 2010-10-02

The phpMyFAQ project reports:

The phpMyFAQ Team has learned of a security issue that has been discovered in phpMyFAQ 2.6.x: phpMyFAQ doesn't sanitize some variables in different pages correctly. With a properly crafted URL it is e.g. possible to inject JavaScript code into the output of a page, which could result in the leakage of domain cookies (f.e. session identifiers)..


FreeBSD PR ports/151055