stored XSS in the Category Field Name in thorsten/phpmyfaq
Reported on Feb 14th 2023
Hello,
After all XSS mitigations, I detected an XSS bypass possibility in the naming of the category.
Let's see :)
A stored XSS through this Payload
Thank you for watching :)
Impact
References
Hello,
Did you publish the CVE for this vulnerability? Because I cannot recognize the CVE assigned to it.
Thank you very much.
And maybe also to mention that the last 2 CVEs did not have my name included on the NIST website. Maybe it can be edited to my name.
CVEs:
CVE-2023-0787 CVE-2023-0791