Stored XSS in Add new question in thorsten/phpmyfaq
Reported on
Jan 8th 2023
Description
Stored cross-site scripting (also known as second-order or persistent XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way.
Steps
1. Log in as an admin user first.
2. Go to: https://roy.demo.phpmyfaq.de/admin/?action=editentry
3. Add this payload in the description: "><svg/onload=alert(11);>
4. Save it as a published post.
5. Open the main page https://roy.demo.phpmyfaq.de/ and the XSS will work.
// PoC.js
var payload = '"><svg/onload=alert(11);>';
Impact
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. The attacker can carry out any of the actions that are applicable to the impact of reflected XSS vulnerabilities.
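The report's payload passed through an unescaped and an escaped render, plus a review pass over already-stored rows, as an added example that is not phpMyFAQ's code. The template, function names and sample rows are constructed for illustration.

```javascript
// Added example, not phpMyFAQ code: the <meta> template and all function
// names are hypothetical stand-ins for a page that echoes a stored field.

// Encode the characters that are significant in HTML text and in
// quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the stored value is concatenated into markup verbatim,
// so a leading "> closes the attribute and the tag.
function renderUnsafe(description) {
  return '<meta name="description" content="' + description + '">';
}

// Hardened pattern: encode at output time, for the context it is written into.
function renderSafe(description) {
  return '<meta name="description" content="' + escapeHtml(description) + '">';
}

// Count element start tags in a rendered string; an extra tag means the
// stored value escaped its attribute and created markup of its own.
function countTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed sample rows standing in for stored FAQ records.
const storedRows = [
  { id: 1, description: 'How do I reset my password?' },
  { id: 2, description: '"><svg/onload=alert(11);>' }, // payload from the report
  { id: 3, description: 'Use a < b when comparing' },
];

// Flag rows saved before the fix whose text contains a tag-like sequence
// or an inline event handler, so they can be reviewed by hand.
function flagStoredMarkup(rows) {
  const pattern = /<\s*\/?[a-z][^>]*>|\bon[a-z]+\s*=/i;
  return rows.filter((r) => pattern.test(r.description)).map((r) => r.id);
}

console.log(renderUnsafe(storedRows[1].description));
console.log(renderSafe(storedRows[1].description));
console.log(flagStoredMarkup(storedRows));
```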
Researcher
Hi, a public description of the stored XSS vulnerability
Researcher
Hi, I want to add myself to the CVE with my company: Mohamed Lemin Veten, Resecurity, Inc. Regards.
Researcher
Hi, I want to add my company name to the description of the CVE: Mohammed Lemin Veten, Resecurity, Inc.
