Stored xss real name in thorsten/phpmyfaq
Valid
Reported on
Feb 12th 2023
Description
In the admin account, there is a feature to add a user. In this feature, a vulnerability was found in the "Your Name" form.
Proof of Concept
1.go to https://roy.demo.phpmyfaq.de/admin/?action=user
2.add user with realname <script>alert('123')</script>
3.go to https://roy.demo.phpmyfaq.de/admin/?action=category
4.click button add new top-level category
POC https://drive.google.com/file/d/1X4LdpwFcrbR7pA1C1-0wIU46S8tIWt0v/view?usp=share_link
Impact
The attacker can steal sensitive information such as passwords, cookies, and other sensitive data from the victims who access the affected page.
We are processing your report and will contact the
thorsten/phpmyfaq
team within 24 hours.
7 months ago
The researcher's credibility has increased: +7
Thorsten Rinne
has been awarded the fix bounty
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on
Mar 31st 2023
to join this conversation