CVE-2006-2252

Openfaq - XSS

Title source: rule

Description

Cross-site scripting vulnerability in submit.php in OpenFAQ 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kamil Sienicki · htmlwebappsphp

https://www.exploit-db.com/exploits/27821

View Code ZIP pw:eip

References (7)

[Third Party Advisory] http://securityreason.com/securityalert/850

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/1684

[Third Party Advisory, VDB Entry] http://www.osvdb.org/25350

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/433120/100/0/threaded

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/26286

[Exploit] http://www.securityfocus.com/bid/17860

[Vendor Advisory] http://secunia.com/advisories/20018

Scores

EPSS 0.0520

EPSS Percentile 90.0%

Details

Status published

Products (1)

openfaq/openfaq 0.4.0

Published May 09, 2006

Tracked Since Feb 18, 2026