FreeBSD : phpmyfaq -- XSS vulnerabilities (99021f88-ca3c-11df-be21-00e018aa7788)

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The phpMyFAQ project reports :

The phpMyFAQ Team has learned of a security issue that has been
discovered in phpMyFAQ 2.6.x: phpMyFAQ doesn't sanitize some variables
in different pages correctly. With a properly crafted URL it is e.g.
possible to inject JavaScript code into the output of a page, which
could result in the leakage of domain cookies (f.e. session
identifiers).

See also :

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=151055
http://www.phpmyfaq.de/advisory_2010-09-28.php
http://www.nessus.org/u?f2d9cc2c

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 49730 (freebsd_pkg_99021f88ca3c11dfbe2100e018aa7788.nasl)

Bugtraq ID:

CVE ID:
