https://www.exploit-db.com/exploits/21405
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-287

Faq-O-Matic是一款基于WEB的FAQ管理系统，可运行在多种Linux和Unix操作系统下。Faq-O-Matic对用户提交给URL的数据没有正确充分的处理，导致攻击者可以进行跨站脚本攻击。Faq-O-Maticde中的fom.cgi脚本没有正确检查用户提交给”file”参数的内容，如果”file”参数的内容不存在，脚本就会把错误信息打印成HTML形式，攻击者可以在”file”参数中插入恶意脚本代码，当其他用户查看此连接时，就可以导致其中的脚本代码在用户浏览器上执行，导致基于Cookie认证的信息被泄露等问题。

source: http://www.securityfocus.com/bid/4565/info

Faq-O-Matic 2.711 and 2.712 is a web-based Frequently Asked Question (FAQ) management system. It is vulnerable to a cross site scripting issue arising from a failure to filter HTML or script from a malformed query, returning the submitted script as an error message which is then processed by the browser. This is done by submitting the script as an argument to the Faq-O-Matic component "fom.cgi" - specifically, to the "file" parameter. This script is then treated by the user's browser as though it originated from the Faq-O-Matic web site.

http://www.wherever.tld/path_to_Faq-O-Matic/fom?file=<script>alert('If+this+script+was+modified,+it+could+easily+steal+amigadev.net+cookies+and+log+them+to+a+remote+location')</script>&step

来源:BID
名称:4565
链接:http://www.securityfocus.com/bid/4565
来源:XF
名称:faqomatic-cgi-file-css(8906)
链接:http://www.iss.net/security_center/static/8906.php
来源:BUGTRAQ
名称:20020419AnotherFaq-O-MaticXSSVuln?
链接:http://archives.neohapsis.com/archives/bugtraq/2002-04/0287.html
来源：NSFOCUS
名称：2638
链接：http://www.nsfocus.net/vulndb/2638