Stored XSS in Add new question in thorsten/phpmyfaq

Valid

Reported on

Jan 8th 2023


Description

Stored cross-site scripting (also known as second-order or persistent XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way.

Steps

1. Log in as an admin user first.
2. Go to: https://roy.demo.phpmyfaq.de/admin/?action=editentry
3. Add this payload in the description: "><svg/onload=alert(11);>
4. Save it as a published post.
5. Open the main page https://roy.demo.phpmyfaq.de/ and the XSS will work.

// PoC.js
var payload = '"><svg/onload=alert(11);>';

Impact

If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. The attacker can carry out any of the actions that are applicable to the impact of reflected XSS vulnerabilities.
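The following is an added example, not part of the original report and not phpMyFAQ's code or its 3.1.10 fix. It shows the defensive side of the issue described above: a stored field written into a page with and without output encoding, plus a small regression check. The record, the template shape and the function names (`renderUnsafe`, `renderSafe`, `e`, `unexpectedTags`) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed record; 'description' holds the payload quoted in the report.
$faq = ['id' => 1, 'description' => '"><svg/onload=alert(11);>'];

// Before: the stored value is concatenated into the markup unchanged.
// The template shape (attribute value plus link text) is an assumption.
function renderUnsafe(array $faq): string
{
    return '<a href="/faq/' . $faq['id'] . '" title="' . $faq['description'] . '">'
        . $faq['description'] . '</a>';
}

// Output encoding for HTML text and quoted-attribute contexts.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// After: every stored value is encoded at the point where it is written out.
function renderSafe(array $faq): string
{
    return '<a href="/faq/' . (int) $faq['id'] . '" title="' . e($faq['description']) . '">'
        . e($faq['description']) . '</a>';
}

// Regression check: list opening tags in the output that the template
// itself does not emit. A regex is enough here because the check only
// needs to notice that stored data produced a tag at all.
function unexpectedTags(string $html, array $allowed = ['a']): array
{
    preg_match_all('/<([a-z][a-z0-9]*)/i', $html, $m);
    $found = array_unique(array_map('strtolower', $m[1]));
    return array_values(array_diff($found, $allowed));
}

foreach (['renderUnsafe', 'renderSafe'] as $render) {
    $html = $render($faq);
    printf("%s\n  output: %s\n  unexpected tags: %s\n",
        $render, $html, json_encode(unexpectedTags($html)));
}
```

Encoding at output time leaves the stored value unchanged in the database, so the same record stays safe in any other template that applies the same helper.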

We are processing your report and will contact the thorsten/phpmyfaq team within 24 hours. 4 months ago
Thorsten Rinne
4 months ago

Maintainer


@leminv What description do you mean exactly?

thorsten/phpmyfaq maintainer has acknowledged this report 4 months ago
Thorsten Rinne gave praise 4 months ago
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
Thorsten Rinne validated this vulnerability 4 months ago
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Thorsten Rinne marked this as fixed in 3.1.10 with commit 1815da 4 months ago
Thorsten Rinne has been awarded the fix bounty
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on Jan 31st 2023

Hi, a public description of the stored XSS vulnerability


Hi, I want to add myself to the CVE with my company Mohamed Lemin Veten, Resecurity, Inc. Regards

Thorsten Rinne published this vulnerability 4 months ago

Hi, I want to add my company name to the description of the CVE: Mohammed Lemin Veten, Resecurity, Inc.
