Stored HTML Injection in the Comments Part in thorsten/phpmyfaq

Valid

Reported on

Feb 14th 2023


I was able to detect a stored HTML Injection by answering available questions.

Let's see :)


<h1> AHMED HASSAN STORED HTML INJECTION 1</h1>

I will now answer a question.

Comment sent, let's see the stored HTML Injection.

As you can see the stored HTML Injection is working.

Thanks for watching.

Impact

I was able to detect a stored HTML Injection by answering available questions.


We are processing your report and will contact the thorsten/phpmyfaq team within 24 hours. 7 months ago
ahmedvienna modified the report
7 months ago
thorsten/phpmyfaq maintainer has acknowledged this report 7 months ago
Thorsten Rinne modified the Severity from Medium (6.3) to Medium (6.3) 7 months ago
Thorsten Rinne validated this vulnerability 7 months ago
ahmedvienna has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Thorsten Rinne marked this as fixed in 3.1.12 with commit 128ef8 7 months ago
Thorsten Rinne has been awarded the fix bounty
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on Mar 31st 2023
ahmedvienna
7 months ago

Researcher


Hello Thorsten.

I have a question, please. Can you assign the CVE to 2 persons or more in case we worked together?

Best Regards Ahmed Hassan

Thorsten Rinne published this vulnerability 6 months ago
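
For readers of this report, an added example (not phpMyFAQ's code and not the fix commit) showing why a stored comment like the one above renders as markup, next to an output-escaped version. The function names, the `user`/`body` fields and the sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample rows standing in for stored comments; the second body
// is the test string from the report.
$comments = [
    ['user' => 'alice', 'body' => "Works for me.\nThanks!"],
    ['user' => 'ahmed', 'body' => '<h1> AHMED HASSAN STORED HTML INJECTION 1</h1>'],
];

// Hypothetical "before": stored text is concatenated into markup as-is,
// so any tags a commenter typed become part of the page.
function renderCommentUnsafe(array $c): string
{
    return '<div class="comment"><strong>' . $c['user'] . '</strong><p>'
        . $c['body'] . '</p></div>';
}

// Escape for the HTML context at output time. ENT_QUOTES covers both quote
// styles (safe inside attributes too); ENT_SUBSTITUTE replaces invalid
// UTF-8 instead of returning an empty string.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened: every stored field is escaped; nl2br() runs after escaping so
// the only tags in the body are the <br> elements this function adds.
function renderCommentSafe(array $c): string
{
    return '<div class="comment"><strong>' . e($c['user']) . '</strong><p>'
        . nl2br(e($c['body']), false) . '</p></div>';
}

foreach ($comments as $c) {
    echo renderCommentUnsafe($c), "\n";
    echo renderCommentSafe($c), "\n\n";
}

// Regression check: user text must never produce an <h1> element.
$out = renderCommentSafe($comments[1]);
if (stripos($out, '<h1') !== false) {
    throw new RuntimeException('comment markup reached the page unescaped');
}
```

Escaping at output time rather than only filtering at input also covers comments that were stored before a fix was deployed.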