Description

Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2, when used with Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the search page.

Remediation

References

CVE-2009-4040

Related Vulnerabilities

MediaWiki Other Vulnerability (CVE-2023-37300)

WordPress Plugin Simply Static Multiple Vulnerabilities (1.7.0)

WordPress Plugin WooCommerce Anti-Fraud Security Bypass (3.2)

WordPress Plugin Import all XML, CSV & TXT into WordPress Arbitrary File Disclosure (3.7)

WordPress Plugin WP Symposium Multiple Vulnerabilities (14.10)

Severity

Medium

Classification

CVE-2009-4040 CWE-707

Tags

Missing Update Known Vulnerabilities