CVE-2007-6633

Name of the Vulnerable Software and Affected Versions FAQMasterFlexPlus versions 1.5 through 1.52

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved via the cat name parameter to "faq.php" and unspecified parameters in various Admin scripts, including add categories, edit categories, delete categories, add faq, edit faq, and delete faq.

Recommendations For FAQMasterFlexPlus versions 1.5 through 1.52, consider restricting access to the vulnerable Admin scripts until a patch is available. As a temporary workaround, avoid using the cat name parameter in the "faq.php" script. Additionally, restrict the use of unspecified parameters in the affected Admin scripts to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.