Stored Cross-site scripting in thorsten/phpmyfaq

Valid

Reported on

Oct 20th 2022

Description

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites.

Proof of Concept

Visit: http://<ip>/phpmyfaq/admin/?action=meta Click button Add template meta data Inject payload in field Page type: "><script>alert("XSS")</script> and Save Every time you go to http://<ip>/phpmyfaq/admin/?action=meta, payload XSS will execute Image POC: https://drive.google.com/file/d/1iezIdmxcCBY8G714AUFGIm3fI145yiC1/view?usp=sharing

Impact

Attacker can inject Javascript steal cookie, deface website ....

We are processing your report and will contact the thorsten/phpmyfaq team within 24 hours. 3 months ago

Hoang Van Hiep modified the report

3 months ago

We have contacted a member of the thorsten/phpmyfaq team and are waiting to hear back 3 months ago

A thorsten/phpmyfaq maintainer has acknowledged this report 3 months ago

Thorsten Rinne gave praise 3 months ago

Thank you, here's the fix: https://github.com/thorsten/phpMyFAQ/commit/372428d02a08e90b3a253ba5c506cda84581a5af

The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1

Hoang Van Hiep

commented 3 months ago

Researcher

can we assign cve?

Hoang Van Hiep

commented 3 months ago

Researcher

Hi @maintainer @admin if possible can we assign CVE id for this vulnerability?

Pavlos

commented 3 months ago

Admin

@maintainer can you please mark this report as valid, fixed and then publish it? Also at the request of the researcher, can we assign a CVE?

Thorsten Rinne validated this vulnerability 3 months ago

Hoang Van Hiep has been awarded the disclosure bounty

The fix bounty is now up for grabs

The researcher's credibility has increased: +7

Thorsten Rinne marked this as fixed in 3.1.8 with commit 372428 3 months ago

Thorsten Rinne has been awarded the fix bounty

This vulnerability has been assigned a CVE

Thorsten Rinne published this vulnerability 2 months ago

to join this conversation

We are processing your report and will contact the thorsten/phpmyfaq team within 24 hours. 3 months ago

Hoang Van Hiep modified the report

3 months ago

We have contacted a member of the thorsten/phpmyfaq team and are waiting to hear back 3 months ago

A thorsten/phpmyfaq maintainer has acknowledged this report 3 months ago

Thorsten Rinne gave praise 3 months ago

Thank you, here's the fix: https://github.com/thorsten/phpMyFAQ/commit/372428d02a08e90b3a253ba5c506cda84581a5af

The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1

Hoang Van Hiep

commented 3 months ago

Researcher

can we assign cve?

Hoang Van Hiep

commented 3 months ago

Researcher

Hi @maintainer @admin if possible can we assign CVE id for this vulnerability?

Pavlos

commented 3 months ago

Admin

@maintainer can you please mark this report as valid, fixed and then publish it? Also at the request of the researcher, can we assign a CVE?

Thorsten Rinne validated this vulnerability 3 months ago

Hoang Van Hiep has been awarded the disclosure bounty

The fix bounty is now up for grabs

The researcher's credibility has increased: +7

Thorsten Rinne marked this as fixed in 3.1.8 with commit 372428 3 months ago

Thorsten Rinne has been awarded the fix bounty

This vulnerability has been assigned a CVE

Thorsten Rinne published this vulnerability 2 months ago

to join this conversation