CVE-2007-6633

FAQMasterFlexPlus <1.52 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to inject arbitrary web script or HTML via (1) the cat_name parameter to faq.php; and unspecified parameters to the (2) add categories, (3) edit categories, (4) delete categories, (5) add faq, (6) edit faq, and (7) delete faq Admin scripts.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Juan Galiana Lara · textwebappsphp

https://www.exploit-db.com/exploits/30945

View Code ZIP pw:eip

References (6)

[Mailing List] http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/059318.html

[Third Party Advisory, VDB Entry] http://osvdb.org/39664

[Vendor Advisory] http://secunia.com/advisories/28248

[Exploit] http://www.securityfocus.com/bid/27051

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/39287

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/485589/100/0/threaded

Scores

EPSS 0.0246

EPSS Percentile 85.1%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

netbizcity/faqmasterflexplus

Timeline

Published Jan 04, 2008

Tracked Since Feb 18, 2026