CVE-2009-4780
published 2010-04-21CVE-2009-4780: Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1)…
PriorityP419medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.18%
63.7th percentile
Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter in a sitemap action, (2) the search parameter in a search action, (3) the tagging_id parameter in a search action, (4) the highlight parameter in an artikel action, (5) the artlang parameter in an artikel action, (6) the letter parameter in a sitemap action, (7) the lang parameter in a show action, (8) the cat parameter in a show action, (9) the newslang parameter in a news action, (10) the artlang parameter in a send2friend action, (11) the cat parameter in a send2friend action, (12) the id parameter in a send2friend action, (13) the srclang parameter in a translate action, (14) the id parameter in a translate action, (15) the cat parameter in a translate action, (16) the cat parameter in an add action, or (17) the question parameter in an add action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Affected
106 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpmyfaq | phpmyfaq | <= 2.5.4 | — |
| phpmyfaq | phpmyfaq | — | — |
| phpmyfaq | phpmyfaq | — | — |
| phpmyfaq | phpmyfaq | — | — |
| phpmyfaq | phpmyfaq | — | — |
| phpmyfaq | phpmyfaq | — | — |
| phpmyfaq | phpmyfaq | — | — |
| phpmyfaq | phpmyfaq | — | — |
| phpmyfaq | phpmyfaq | — | — |
| phpmyfaq | phpmyfaq | — | — |
| phpmyfaq | phpmyfaq | — | — |
| phpmyfaq | phpmyfaq | — | — |
| phpmyfaq | phpmyfaq | — | — |
| phpmyfaq | phpmyfaq | — | — |
| phpmyfaq | phpmyfaq | — | — |
| phpmyfaq | phpmyfaq | — | — |
| phpmyfaq | phpmyfaq | — | — |
| phpmyfaq | phpmyfaq | — | — |
| phpmyfaq | phpmyfaq | — | — |
| phpmyfaq | phpmyfaq | — | — |
| phpmyfaq | phpmyfaq | — | — |
| phpmyfaq | phpmyfaq | — | — |
| phpmyfaq | phpmyfaq | — | — |
| phpmyfaq | phpmyfaq | — | — |
| phpmyfaq | phpmyfaq | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
2010-04-21
Published