Cross-site scripting vulnerability in thorsten/phpmyfaq
Valid
Reported on Apr 6th 2023
Description
Cross-site scripting vulnerability in thorsten/phpmyfaq in the tag field of the admin dashboard.
Proof of Concept
1. Log in to the demo admin account: https://roy.demo.phpmyfaq.de/admin/
2. Go to admin dashboard --> Contents --> Add new FAQ --> FAQ meta data
3. Add the payload in the tag field (payload: `"><iMg SrC="x" oNeRRor="alert(1);">`)
4. Select the FAQ status as published
5. Click save
6. Go to the user account: https://roy.demo.phpmyfaq.de/
7. Open the previously added question in categories
The XSS will trigger.
Impact
This vulnerability is capable of stealing the user's cookie.
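The root cause described above is a stored tag value being written into HTML without output encoding. The following is an added example, not phpMyFAQ's own code: it renders the report's payload once through a vulnerable pattern and once through a hardened one, so the difference can be checked locally. The function names, the `/search?tag=` link path and the tag link markup are assumptions for illustration only.

```php
<?php
// Added example (not phpMyFAQ's own code): rendering a user-supplied FAQ tag
// with and without output encoding, using the payload from the report.
declare(strict_types=1);

// Tag value as it would be stored after the PoC above (copied from the report).
const REPORTED_TAG = '"><iMg SrC="x" oNeRRor="alert(1);">';

// Vulnerable pattern (hypothetical): the stored tag is interpolated into HTML
// as-is, so the leading '">' terminates the attribute and the <img> element
// with its onerror handler becomes live markup in the visitor's browser.
function renderTagUnsafe(string $tag): string
{
    // '/search?tag=' is a placeholder path, not a phpMyFAQ route.
    return '<a class="tag" href="/search?tag=' . $tag . '">' . $tag . '</a>';
}

// Hardened pattern: encode for the HTML context at output time. ENT_QUOTES
// covers both quote styles so the value cannot close an attribute, and the
// copy used inside the href is URL-encoded for that context as well.
function renderTagSafe(string $tag): string
{
    $text  = htmlspecialchars($tag, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    $param = rawurlencode($tag);
    return '<a class="tag" href="/search?tag=' . $param . '">' . $text . '</a>';
}

// Regression check a maintainer could keep in a test suite: the rendered
// fragment must not contain a live <img ... onerror=...> element.
function containsLiveImgHandler(string $html): bool
{
    return (bool) preg_match('/<img\b[^>]*\bonerror\s*=/i', $html);
}

echo "unsafe: ", renderTagUnsafe(REPORTED_TAG), PHP_EOL;
echo "safe:   ", renderTagSafe(REPORTED_TAG), PHP_EOL;
var_dump(containsLiveImgHandler(renderTagUnsafe(REPORTED_TAG)));
var_dump(containsLiveImgHandler(renderTagSafe(REPORTED_TAG)));
```

The encoding is applied at the point of output rather than on input: the same tag string appears in two contexts (element text and a URL parameter), and each context needs its own encoder. A Content-Security-Policy that disallows inline event handlers would additionally stop the `onerror` attribute from executing even if an encoding gap remained, but it is a backstop, not a replacement for the output encoding.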
Thorsten Rinne has been awarded the fix bounty
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on Apr 30th 2023