CVE-2010-4821 | HackTesting

Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.

References

http://dl.packetstormsecurity.net/1009-exploits/phpmyfaq268-xss.txt

https://exchange.xforce.ibmcloud.com/vulnerabilities/62092

http://secunia.com/advisories/41625

http://www.phpmyfaq.de/advisory_2010-09-28.php

http://www.openwall.com/lists/oss-security/2012/03/08/2

http://seclists.org/bugtraq/2010/Sep/207

http://www.openwall.com/lists/oss-security/2012/03/08/7

http://www.osvdb.org/68268