Stored cross-site scripting vulnerability in thorsten/phpmyfaq

Valid

Reported on Apr 5th 2023


Description

Stored cross-site scripting vulnerability in the "name" field of the add question module. This allows an attacker to steal user cookies.

Proof of Concept

1. Log in to the demo account https://roy.demo.phpmyfaq.de/

2. Log in as demo user

3. Click add question

4. Add payload in "Your Name" (payload = "><iMg SrC="x" oNeRRor="alert(1);"> )

5. Fill the question form and submit.

6. Now log in to the admin account and go to the dashboard

7. Go to open questions

8. Click "answer the question" on the payload question you added earlier

9. An alert will pop up

Impact

The attacker is able to steal the user session.
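Added example, not phpMyFAQ's code and not the 3.1.13 fix: the payload begins with `">`, so this sketch assumes the stored name is echoed into the `value` attribute of an input on the admin answer form. The markup, the field name `username` and the function names are hypothetical. It renders the reported value with raw concatenation and with attribute-context encoding, then parses both results to show whether an `img` element is created.

```php
<?php
declare(strict_types=1);

// Constructed sample: the "Your Name" value from step 4, as it would be stored.
$storedName = '"><iMg SrC="x" oNeRRor="alert(1);">';

/** Vulnerable pattern: stored value concatenated straight into an attribute. */
function renderNameFieldUnsafe(string $name): string
{
    return '<input type="text" name="username" value="' . $name . '">';
}

/** Hardened pattern: encode for the HTML attribute context at output time. */
function renderNameFieldSafe(string $name): string
{
    $encoded = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="username" value="' . $encoded . '">';
}

/** Parse a fragment the way an HTML parser would and return the DOM. */
function parseFragment(string $html): DOMDocument
{
    $doc = new DOMDocument();
    // Collect parser warnings instead of printing them.
    $previous = libxml_use_internal_errors(true);
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    return $doc;
}

$renderers = ['unsafe' => 'renderNameFieldUnsafe', 'safe' => 'renderNameFieldSafe'];
foreach ($renderers as $label => $render) {
    $html = $render($storedName);
    $doc = parseFragment($html);
    $imgCount = $doc->getElementsByTagName('img')->length;
    $input = $doc->getElementsByTagName('input')->item(0);
    // True only when the whole stored string survived as inert attribute data.
    $intact = $input !== null && $input->getAttribute('value') === $storedName;
    printf(
        "%-6s injected img elements: %d, name preserved as data: %s\n  %s\n",
        $label,
        $imgCount,
        $intact ? 'yes' : 'no',
        $html
    );
}
```

Encoding at output time keeps the stored string intact, so the same record can still be rendered safely in other contexts that apply their own encoding.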

We are processing your report and will contact the thorsten/phpmyfaq team within 24 hours. 2 months ago
We have contacted a member of the thorsten/phpmyfaq team and are waiting to hear back 2 months ago
thorsten/phpmyfaq maintainer has acknowledged this report 2 months ago
Thorsten Rinne gave praise 2 months ago
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
Thorsten Rinne validated this vulnerability 2 months ago
Asura-N has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Thorsten Rinne marked this as fixed in 3.1.13 with commit 0a4980 2 months ago
Thorsten Rinne has been awarded the fix bounty
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on Apr 30th 2023
Thorsten Rinne published this vulnerability a month ago