Description

Cross-site scripting (XSS) vulnerability in the "add content" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters.

Remediation

References

CVE-2005-3734

Related Vulnerabilities

WordPress Plugin Contact Form by WD-responsive drag & drop contact form builder tool Multiple Vulnerabilities (1.12.20)

WordPress Plugin Mikiurl WordPress Eklentisi Cross-Site Request Forgery (2.0)

WordPress Plugin All-in-One Event Calendar Multiple Vulnerabilities (1.9)

WordPress Plugin Simple Share Buttons Adder Cross-Site Scripting (5.6)

TwistedHTTP Request Splitting Vulnerability (CVE-2020-10109)

Severity

Medium

Classification

CVE-2005-3734

Tags

Missing Update Known Vulnerabilities