Security Advisory 2009-09-01
phpMyFAQ 2.0.x XSS vulnerability
- Issued on: 2009-09-01
- Software: phpMyFAQ <= 2.5.1
- Risk: High
- Platforms: all
The phpMyFAQ Team has learned of a security issue that has been discovered in phpMyFAQ 2.x.
Description
When using Microsoft Internet Explorer 6 or 7, phpMyFAQ doesn't correctly sanitize a GET variable
in the search page. With a properly crafted URL it is possible, for example, to inject HTML code
into the output of the error message, which could result in the leakage of domain cookies (for
example, session identifiers).
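For reviewing web server access logs for requests of the kind described above, the following is an added example, not code from the phpMyFAQ project: it flags GET parameters whose value, after undoing repeated percent-encoding, contains an HTML tag. The combined log format, the `/faq/search?q=` path and parameter name, and the sample lines are constructed assumptions; adjust them to the real installation.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+"')
# Start of an HTML tag: "<" or "</" directly followed by a letter or "!".
MARKUP_RE = re.compile(r'</?[a-zA-Z!]')

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(param, decoded_value)] for GET parameters carrying HTML markup."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    query = urlsplit(match.group(1)).query
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        decoded = fully_decode(value)  # parse_qsl already decoded one layer
        if MARKUP_RE.search(decoded):
            hits.append((name, decoded))
    return hits

def scan(lines):
    """Return [(line_number, hits)] for every log line with at least one hit."""
    return [(n, h) for n, line in enumerate(lines, 1)
            if (h := suspicious_params(line))]

# Constructed sample entries; path and parameter name are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Sep/2009:10:00:00 +0000] "GET /faq/search?q=install HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Sep/2009:10:02:11 +0000] "GET /faq/search?q=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 4801',
    '203.0.113.9 - - [01/Sep/2009:10:02:40 +0000] "GET /faq/search?q=%253Cem%253Ex HTTP/1.1" 200 4790',
    '203.0.113.9 - - [01/Sep/2009:10:03:02 +0000] "GET /faq/search?q=<i>x</i> HTTP/1.1" 200 4795',
    '203.0.113.7 - - [01/Sep/2009:10:05:00 +0000] "GET /faq/search?q=3+%3C+5 HTTP/1.1" 200 5001',
]

if __name__ == "__main__":
    for line_no, hits in scan(SAMPLE_LOG):
        print(line_no, hits)
```

A hit only shows that markup was sent in a parameter, not that it was rendered; entries predating the upgrade are the ones worth following up.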
Solution
The phpMyFAQ Team has released new phpMyFAQ versions 2.0.17 and 2.5.2 which fix the
vulnerability. All users of affected phpMyFAQ versions are encouraged to upgrade as soon as
possible to the latest version.
Workaround
There's no workaround except installing phpMyFAQ 2.0.17 or 2.5.2.
Credits
The phpMyFAQ Team would like to thank Or Katz from Breach Security and Yair Lapin from the
Hebrew University of Jerusalem for reporting the vulnerability.