Description
Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta 4 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the id parameter in a Question action.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by GulfTech Security · textwebappsphp
https://www.exploit-db.com/exploits/25854
References (2)
Core 2
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111928841328681&w=2
Exploit x_refsource_misc
http://www.gulftech.org/?node=research&article_id=00083-06202005
Scores
EPSS
0.0045
EPSS Percentile
63.5%
Details
Status
published
Products (1)
php_arena/pafaq
1.0_beta_4
Published
Jun 20, 2005
Tracked Since
Feb 18, 2026