1. CVE-Search
  2. CVE-2005-3734
ID CVE-2005-3734
Summary Cross-site scripting (XSS) vulnerability in the "add content" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters.
References
Vulnerable Configurations
  • cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:phpmyfaq:phpmyfaq:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:phpmyfaq:phpmyfaq:1.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_alpha1:*:*:*:*:*:*:*
    cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_alpha1:*:*:*:*:*:*:*
  • cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_alpha2:*:*:*:*:*:*:*
    cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_alpha2:*:*:*:*:*:*:*
  • cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_beta1:*:*:*:*:*:*:*
    cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_beta1:*:*:*:*:*:*:*
  • cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_beta2:*:*:*:*:*:*:*
    cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_beta2:*:*:*:*:*:*:*
  • cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_beta3:*:*:*:*:*:*:*
    cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_beta3:*:*:*:*:*:*:*
  • cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_rc1:*:*:*:*:*:*:*
    cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_rc1:*:*:*:*:*:*:*
  • cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_rc2:*:*:*:*:*:*:*
    cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_rc2:*:*:*:*:*:*:*
  • cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_rc3:*:*:*:*:*:*:*
    cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_rc3:*:*:*:*:*:*:*
  • cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_rc4:*:*:*:*:*:*:*
    cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_rc4:*:*:*:*:*:*:*
  • cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_rc5:*:*:*:*:*:*:*
    cpe:2.3:a:phpmyfaq:phpmyfaq:1.5_rc5:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 19-10-2018 - 15:38)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid 15504
bugtraq 20051119 [TKADV2005-11-004] Multiple Cross Site Scripting vulnerabilities in phpMyFAQ
confirm http://www.phpmyfaq.de/advisory_2005-11-18.php
misc http://www.trapkit.de/advisories/TKADV2005-11-004.txt
osvdb 20989
secunia 17649
sreason 196
vupen ADV-2005-2505
Last major update 19-10-2018 - 15:38
Published 22-11-2005 - 00:03
Last modified 19-10-2018 - 15:38
Back to Top