Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 allows remote attackers to execute arbitrary Javascript on other clients via the cmd parameter, which causes the script to be inserted into an error message.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Faq-o-matic | Faq-o-matic | 2.712 (including) | 2.712 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=101285834018701\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=101293973111873\u0026w=2
- http://sourceforge.net/mailarchive/forum.php?thread_id=464940\u0026forum_id=6367
- http://www.debian.org/security/2002/dsa-109
- http://marc.info/?l=bugtraq\u0026m=101285834018701\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=101293973111873\u0026w=2
- http://sourceforge.net/mailarchive/forum.php?thread_id=464940\u0026forum_id=6367
- http://www.debian.org/security/2002/dsa-109