stored XSS in the Category Field Name in thorsten/phpmyfaq

Valid

Reported on

Feb 14th 2023

Hello,

After all XSS Mitigations, I detected a XSS Bypass Possibility in the Naming of the category.

Let's see :)

A stored XSS through this Payload

Thank you for watching :)

Impact

Hello,

After all XSS Mitigations, I detected a XSS Bypass Possibility in the Naming of the category.

Let's see :)

A stored XSS through this Payload

Thank you for watching :)

References

stored XSS in the Category Field Name

We are processing your report and will contact the thorsten/phpmyfaq team within 24 hours. 7 months ago

A thorsten/phpmyfaq maintainer has acknowledged this report 7 months ago

Thorsten Rinne gave praise 7 months ago

The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1

Thorsten Rinne validated this vulnerability 7 months ago

josefjku has been awarded the disclosure bounty

The fix bounty is now up for grabs

The researcher's credibility has increased: +7

Thorsten Rinne marked this as fixed in 3.1.12 with commit fecc80 7 months ago

Thorsten Rinne has been awarded the fix bounty

This vulnerability has been assigned a CVE

This vulnerability is scheduled to go public on Mar 31st 2023

Thorsten Rinne published this vulnerability 6 months ago

josefjku

commented 6 months ago

Researcher

Hello,

Did you publish the CVE for this Vulnerability? Cause i can not recognize the CVE assigned to it.

Thank you very much.

josefjku

commented 6 months ago

Researcher

And maybe also to mention that the last 2 CVE's did not have my Name includest on the NIST Website. Maybe it can be edited to my Name.

CVE's:

CVE-2023-0787 CVE-2023-0791

to join this conversation

We are processing your report and will contact the thorsten/phpmyfaq team within 24 hours. 7 months ago

A thorsten/phpmyfaq maintainer has acknowledged this report 7 months ago

Thorsten Rinne gave praise 7 months ago

The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1

Thorsten Rinne validated this vulnerability 7 months ago

josefjku has been awarded the disclosure bounty

The fix bounty is now up for grabs

The researcher's credibility has increased: +7

Thorsten Rinne marked this as fixed in 3.1.12 with commit fecc80 7 months ago

Thorsten Rinne has been awarded the fix bounty

This vulnerability has been assigned a CVE

This vulnerability is scheduled to go public on Mar 31st 2023

Thorsten Rinne published this vulnerability 6 months ago

josefjku

commented 6 months ago

Researcher

Hello,

Did you publish the CVE for this Vulnerability? Cause i can not recognize the CVE assigned to it.

Thank you very much.

josefjku

commented 6 months ago

Researcher

And maybe also to mention that the last 2 CVE's did not have my Name includest on the NIST Website. Maybe it can be edited to my Name.

CVE's:

CVE-2023-0787 CVE-2023-0791

to join this conversation