Stored XSS real name in thorsten/phpmyfaq

Valid

Reported on

Feb 12th 2023


Description

The admin account has a feature to add a user. A stored XSS vulnerability was found in the "Your Name" field of this form.

Proof of Concept

1. Go to https://roy.demo.phpmyfaq.de/admin/?action=user
2. Add a user with the real name <script>alert('123')</script>
3. Go to https://roy.demo.phpmyfaq.de/admin/?action=category
4. Click the "add new top-level category" button

PoC: https://drive.google.com/file/d/1X4LdpwFcrbR7pA1C1-0wIU46S8tIWt0v/view?usp=share_link

Impact

An attacker can steal sensitive information, such as passwords and cookies, from victims who access the affected page.
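
The pattern behind this report, as an added example that is not phpMyFAQ's code and not the fix shipped in 3.1.12: a real name stored verbatim is later written into another admin page, and encoding it at output time is what keeps it inert. The owner dropdown, the function names and the sample rows are assumptions made for illustration (PHP 7.4 or later).

```php
<?php
declare(strict_types=1);

// Constructed sample rows, as they might come back from the user table.
// Row 2 holds the real name from the proof of concept, stored verbatim.
$users = [
    ['id' => 1, 'realname' => 'Alice Admin'],
    ['id' => 2, 'realname' => "<script>alert('123')</script>"],
];

// Before: the stored value is written into the page as markup.
function renderOwnerOptionsUnsafe(array $users): string
{
    $html = '';
    foreach ($users as $user) {
        $html .= sprintf('<option value="%d">%s</option>', $user['id'], $user['realname']);
    }
    return $html;
}

// Encode for an HTML text or quoted-attribute context at output time.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// After: same markup, but the real name can only ever render as text.
function renderOwnerOptionsSafe(array $users): string
{
    $html = '';
    foreach ($users as $user) {
        $html .= sprintf('<option value="%d">%s</option>', $user['id'], escapeHtml($user['realname']));
    }
    return $html;
}

$unsafe = renderOwnerOptionsUnsafe($users);
$safe   = renderOwnerOptionsSafe($users);

// Regression check: no stored name may introduce an element into the output.
foreach (['unsafe' => $unsafe, 'safe' => $safe] as $label => $html) {
    $injected = stripos($html, '<script') !== false;
    printf("%-6s contains <script> element: %s\n", $label, $injected ? 'yes' : 'no');
}
echo $safe, PHP_EOL;
```

Encoding has to happen on every page that renders the field, which is why the payload entered on the user page surfaced on the category page.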

We are processing your report and will contact the thorsten/phpmyfaq team within 24 hours. 7 months ago
thorsten/phpmyfaq maintainer has acknowledged this report 7 months ago
Thorsten Rinne validated this vulnerability 7 months ago
isdkrisna has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Thorsten Rinne marked this as fixed in 3.1.12 with commit 56295b 7 months ago
Thorsten Rinne has been awarded the fix bounty
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on Mar 31st 2023
Thorsten Rinne published this vulnerability 6 months ago