phpMyFAQ Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2009-4040

Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and 2.5.x before 2.5.2 when used with Internet Explorer 6 or 7 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the search page.