Stored XSS in FAQ comments in thorsten/phpmyfaq
Valid
Reported on
Dec 18th 2022
Description
Stored XSS in FAQ comments by any visitor or anonymous user that alerted in admin panel in comments page also it stored in the FAQ page itself via injecting XSS payload in "Name " and "Message" input fields .
Proof of Concept
https://drive.google.com/file/d/1XZexc1DkZjnzAXQwWfjyrZ_vUyTLcKgW/view?usp=sharing
Impact
Users and admin accounts takeover
Occurrences
We are processing your report and will contact the
thorsten/phpmyfaq
team within 24 hours.
5 months ago
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
The researcher's credibility has increased: +7
Thorsten Rinne
has been awarded the fix bounty
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on
Jan 31st 2023
record.comments.php#L76
has been validated
to join this conversation
