XSS in hyperlink when create FAQ News in thorsten/phpmyfaq
Feb 12th 2023
Stored Cross-Site Scripting (XSS) through hyperlinks refers to a type of security vulnerability that occurs when an attacker injects malicious code into a hyperlink, which is then stored in the application's database or web server. When a user clicks on the infected hyperlink, the malicious script is executed in the user's browser, allowing the attacker to steal sensitive information, modify the appearance of the website, deliver malware, and perform other malicious actions.
Proof of Concept
1.Go to https://roy.demo.phpmyfaq.de/admin/?action=edit-news&id=4 2.Fill link form or title of the link form and post the faq news 3.Xss will trigger in main domain
attacker with custom user rights can steal cooke
payload xss in point 2
Sounds good, I'm here looking for a CVE. Usually, vulnerabilities in old versions are documented with a CVE. If possible, I would request that CVE assign. But if it's not allowed, I will close this report. BTW, Thank you for your cooperation on some of my reports.
I don't know if that's possible, maybe we can get some help from the @admin
is the demo version is 3.1.11? i was able to bypass xss and stored html injection