CVE-2005-3734

Cross-site scripting (XSS) vulnerability in the "add content" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters.

Published: Nov 22, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-3734
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
phpmyfaq / phpmyfaq	1.5_rc5	1.5_rc5.x
phpmyfaq / phpmyfaq	1.5_rc4	1.5_rc4.x
phpmyfaq / phpmyfaq	1.5_alpha1	1.5_alpha1.x
phpmyfaq / phpmyfaq	1.5_alpha2	1.5_alpha2.x
phpmyfaq / phpmyfaq	1.5.1	1.5.1.x
phpmyfaq / phpmyfaq	1.5.3	1.5.3.x
phpmyfaq / phpmyfaq	1.5_rc2	1.5_rc2.x
phpmyfaq / phpmyfaq	1.5_beta2	1.5_beta2.x
phpmyfaq / phpmyfaq	1.5_rc3	1.5_rc3.x
phpmyfaq / phpmyfaq	1.5_rc1	1.5_rc1.x
phpmyfaq / phpmyfaq	1.5_beta1	1.5_beta1.x
phpmyfaq / phpmyfaq	1.5	1.5.x
phpmyfaq / phpmyfaq	1.5_beta3	1.5_beta3.x

http://secunia.com/advisories/17649
http://securityreason.com/securityalert/196
http://www.osvdb.org/20989
http://www.phpmyfaq.de/advisory_2005-11-18.php
http://www.securityfocus.com/archive/1/417219/30/0/threaded
http://www.securityfocus.com/bid/15504
http://www.trapkit.de/advisories/TKADV2005-11-004.txt
http://www.vupen.com/english/advisories/2005/2505

Vulnerability Database

290,278

CVE-2005-3734