Stored cross site scripting vulnerability in thorsten/phpmyfaq in thorsten/phpmyfaq


Reported on

Apr 5th 2023


Stored cross site scripting vulnerability in "name" field in add question module. This allows attacker to stolen user cookies.

Proof of Concept

1 . Login to the demo account

2 . Login as demo user

3 . Click add question

4 . Add payload in "Your Name" (payload = "><iMg SrC="x" oNeRRor="alert(1);"> )

5 . Fill the question form and submit. 6 . Now login to admin account and go to dashboard

7 . Go to open questions 8 . Click "answer the question" the payload question earlier you added

9 . Alert will popup


The attacker is able to stolen the user session

We are processing your report and will contact the thorsten/phpmyfaq team within 24 hours. 2 months ago
We have contacted a member of the thorsten/phpmyfaq team and are waiting to hear back 2 months ago
thorsten/phpmyfaq maintainer has acknowledged this report 2 months ago
Thorsten Rinne gave praise 2 months ago
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
Thorsten Rinne validated this vulnerability 2 months ago
Asura-N has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Thorsten Rinne marked this as fixed in 3.1.13 with commit 0a4980 2 months ago
Thorsten Rinne has been awarded the fix bounty
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on Apr 30th 2023
Thorsten Rinne published this vulnerability a month ago
to join this conversation