Description

Cross-site scripting (XSS) vulnerability in the "add content" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters.

Remediation

References

CVE-2005-3734

Related Vulnerabilities

MySQL Other Vulnerability (CVE-2002-1809)

MySQL CVE-2023-21950 Vulnerability (CVE-2023-21950)

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17309)

WordPress Plugin CiviCRM Security Bypass (5.35.1)

Joomla! Core 3.x.x SQL Injection (3.1.0 - 3.2.2)

Severity

Medium

Classification

CVE-2005-3734

Tags

Missing Update Known Vulnerabilities