stored XSS in the Category Field Name in thorsten/phpmyfaq
Valid
Reported on Feb 14th 2023
Hello,
After all XSS Mitigations, I detected an XSS Bypass Possibility in the Naming of the category.
Let's see :)
A stored XSS through this Payload
Thank you for watching :)
Impact
Hello,
After all XSS Mitigations, I detected an XSS Bypass Possibility in the Naming of the category.
Let's see :)
A stored XSS through this Payload
Thank you for watching :)
We are processing your report and will contact the thorsten/phpmyfaq team within 24 hours.
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
The researcher's credibility has increased: +7
Thorsten Rinne has been awarded the fix bounty
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on Mar 31st 2023
Hello,
Did you publish the CVE for this Vulnerability? Cause I cannot recognize the CVE assigned to it.
Thank you very much.
And maybe also to mention that the last 2 CVEs did not have my Name included on the NIST Website. Maybe it can be edited to my Name.
CVEs:
CVE-2023-0787 CVE-2023-0791