Family: Debian Local Security Checks --> Category: infos
[DSA109] DSA-109-1 faqomatic Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
Because it did not escape HTML, Faq-O-Matic returned unverified scripting
code to the browser. With some tweaking, this enables an attacker to
steal cookies from one of the Faq-O-Matic moderators or the admin.
Cross-Site Scripting is a type of problem that allows a malicious
context of the website running the Faq-O-Matic Frequently Asked
This problem has been fixed in version 2.603-1.2 for the stable Debian
distribution and version 2.712-2 for the current testing/unstable
We recommend that you upgrade your faqomatic package if you have it
Solution: http://www.debian.org/security/2002/dsa-109
Threat Level: High