CVE-2009-4780

Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 2.5.5

Description The issue allows remote attackers to inject arbitrary web script or HTML via various parameters in different actions, including the lang parameter in a "sitemap" action, the search parameter in a "search" action, the tagging id parameter in a "search" action, the highlight parameter in an "artikel" action, the artlang parameter in an "artikel" action, the letter parameter in a "sitemap" action, the lang parameter in a "show" action, the cat parameter in a "show" action, the newslang parameter in a "news" action, the artlang parameter in a "send2friend" action, the cat parameter in a "send2friend" action, the id parameter in a "send2friend" action, the srclang parameter in a "translate" action, the id parameter in a "translate" action, the cat parameter in a "translate" action, the cat parameter in an "add" action, or the question parameter in an "add" action.

Recommendations For phpMyFAQ versions prior to 2.5.5, update to version 2.5.5 or later to resolve the issue.