XSS in hyperlink when create FAQ News in thorsten/phpmyfaq
Reported on
Feb 12th 2023
Description
Stored Cross-Site Scripting (XSS) through hyperlinks is a vulnerability in which an attacker places a malicious URL or markup into a link field (for example a `javascript:` URI, or a value that breaks out of the `href` attribute) and the application stores it in its database unvalidated. When any user later views the page that renders the link, or clicks it, the attacker's script runs in that user's browser in the context of the site, allowing the attacker to steal session data, alter the appearance of the page, deliver malware, and perform actions as the victim.
Proof of Concept
1. Go to https://roy.demo.phpmyfaq.de/admin/?action=edit-news&id=4
2. Fill in the link field (or the link title field) of the news form with the payload and publish the FAQ news item.
3. The XSS triggers on the main (public) domain when the news item is rendered.
https://drive.google.com/file/d/1mOAG06iMtCtxsoDm6g4r4taXCuVsvETT/view?usp=share_link
Impact
An attacker with custom user rights (an account allowed to edit news) can steal cookies from users who view the news item.
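The report's payload works because the value of the news link field is stored and rendered unvalidated. The following is an added example, not phpMyFAQ's own code, written in Python rather than PHP so the check is easy to run stand-alone; the function names `safe_href`, `render_news_link` and `render_news_link_vulnerable` are hypothetical. It contrasts the vulnerable pattern with a hardened renderer that allow-lists URL schemes (after undoing the entity encoding and tab/newline tricks a browser would also undo) and escapes every attribute value and text node on output. The sample inputs are the payload quoted in this report plus constructed variants.

```python
import html
import re

# Allow-listed URL schemes for the news "link" field. Anything else
# (javascript:, data:, vbscript:, ...) is rejected outright rather than
# "cleaned", because partial cleaning is what bypasses are made of.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

# Browsers drop ASCII tab/newline/CR anywhere in a URL and leading C0
# controls/space before parsing the scheme, so the check must do the
# same; otherwise "java\tscript:" slips past a naive startswith() test.
_IGNORED_CHARS = re.compile(r"[\t\n\r]")
_LEADING_CONTROLS = re.compile(r"^[\x00-\x20]+")
_SCHEME = re.compile(r"^([a-zA-Z][a-zA-Z0-9+.\-]*):")


def safe_href(raw: str) -> str:
    """Return the URL if it is relative or its scheme is allow-listed,
    otherwise an empty string (meaning: do not render a link at all).

    The value is checked after HTML entity decoding, because an entity
    such as &#x09; inside the attribute is decoded by the browser too.
    Note that protocol-relative URLs (//host/path) pass this check; that
    is a redirect concern, not a script-execution one.
    """
    candidate = html.unescape(raw)
    candidate = _IGNORED_CHARS.sub("", candidate)
    candidate = _LEADING_CONTROLS.sub("", candidate)
    match = _SCHEME.match(candidate)
    if match is None:
        # No scheme at all: a relative URL such as "/index.php?action=news".
        # Safe in href context as long as it is escaped on output.
        return candidate
    if match.group(1).lower() in ALLOWED_SCHEMES:
        return candidate
    return ""


def render_news_link_vulnerable(url: str, title: str) -> str:
    """The pattern this report describes: attacker-controlled values are
    dropped straight into the markup. Shown for contrast only."""
    return '<a href="{}" title="{}">{}</a>'.format(url, title, title)


def render_news_link(url: str, title: str) -> str:
    """Hardened rendering: validate the href, then escape each attribute
    value (quote=True also escapes " and ') and the link text."""
    href = safe_href(url)
    if not href:
        # Rejected link: render the title as plain text so that no
        # clickable anchor with a dangerous target ever reaches the page.
        return html.escape(title, quote=True)
    return '<a href="{}" title="{}">{}</a>'.format(
        html.escape(href, quote=True),
        html.escape(title, quote=True),
        html.escape(title, quote=True),
    )


if __name__ == "__main__":
    # Payload quoted in this report: a javascript: URI that also tries
    # to break out of the attribute and inject an <h1>.
    payload = "javascript:alert('1') \"><h1>test</h1>"
    print("vulnerable:", render_news_link_vulnerable(payload, "Release notes"))
    print("hardened:  ", render_news_link(payload, "Release notes"))
    print("hardened:  ", render_news_link("https://www.phpmyfaq.de/", payload))
```

The test for the fix is not "does `alert` still fire with this exact string" but whether the scheme check and the output escaping are applied on every path that writes the stored link and title into the page, including the admin listing and any RSS or JSON view of the same data.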
Sounds good, I'm here looking for a CVE. Usually, vulnerabilities in old versions are documented with a CVE. If possible, I would request a CVE assignment. But if it's not allowed, I will close this report. BTW, thank you for your cooperation on some of my reports.
I don't know if that's possible, maybe we can get some help from the @admin
Is the demo version 3.1.11? I was able to bypass the XSS filter and get stored HTML injection.
payload: javascript:alert('1') "><h1>test</h1>
Video >>
https://drive.google.com/file/d/1Kejf7YtLo2tKGZHcvNbvx_-K1NMZ5Adz/view?usp=share_link
Yup, I tried locally with 3.1.11 and can bypass it using javascript:alert('1')