Stored XSS Bypass in the TAGS Section and other places in the application in thorsten/phpmyfaq

Valid

Reported on

Aug 7th 2023


Hello,

I was able to bypass the XSS protection and get a stored XSS using the XSS payload in the video and screenshots.

Thank you for your time and effort.

Best regards, Ahmed Hassan

Impact

Hello,

I was able to bypass the XSS protection and get a stored XSS using the XSS payload in the video and screenshots.

Thank you for your time and effort.

Best regards, Ahmed Hassan

We are processing your report and will contact the thorsten/phpmyfaq team within 24 hours. (a month ago)
ahmedvienna modified the report (a month ago)
We have contacted a member of the thorsten/phpmyfaq team and are waiting to hear back (a month ago)
thorsten/phpmyfaq maintainer has acknowledged this report (a month ago)
Thorsten Rinne validated this vulnerability (a month ago)
ahmedvienna has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Thorsten Rinne marked this as fixed in 3.1.17 with commit 1037a8 (a month ago)
Thorsten Rinne has been awarded the fix bounty
This vulnerability will not receive a CVE
This vulnerability is scheduled to go public on Aug 31st 2023
ahmedvienna
a month ago

Researcher


Hello. Can you assign it a CVE, please?

Thorsten Rinne published this vulnerability (22 days ago)
ahmedvienna
21 days ago

Researcher


Hello. Can you assign it a CVE, please?

ahmedvienna
20 days ago

Researcher


Hello @admin, can you please assign it a CVE?

ahmedvienna
17 days ago

Researcher


Hello @admin. May I ask you to give me a CVE for this finding? I need it for my work. Thank you for understanding.

Ben Harvie
10 days ago

Admin


The maintainer has the power to assign a CVE; we can assign one at the maintainer's request. Thanks!
