← back
CVE-2007-6633

CVE-2007-6633

EPSS 1.7%
Multiple cross-site scripting (XSS) vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to inject arbitrary web script or HTML via (1) the cat_name parameter to faq.php; and unspecified parameters to the (2) add categories, (3) edit categories, (4) delete categories, (5) add faq, (6) edit faq, and (7) delete faq Admin scripts.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/30945unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/059318.htmlhttp://osvdb.org/39664http://secunia.com/advisories/28248https://exchange.xforce.ibmcloud.com/vulnerabilities/39287http://www.securityfocus.com/archive/1/485589/100/0/threadedhttp://www.securityfocus.com/bid/27051