Reflected XSS in send2friend.php in thorsten/phpmyfaq
Valid
Reported on
Feb 17th 2023
Description
There is a reflected XSS in send2friend because the 'artlang' parameter is not sanitized.
Proof of Concept
visit http://phpmyfaq.local/?action=send2friend&artlang=aaaa"%3E%3Cscript%3Ealert(1);%3C/script%3E
Fix
sanitize the '$faqLanguage' variable in https://github.com/thorsten/phpMyFAQ/blob/main/phpmyfaq/send2friend.php#L70
Impact
Taking over the admin account.
We are processing your report and will contact the
thorsten/phpmyfaq
team within 24 hours.
3 months ago
TsarSec modified the report
3 months ago
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
The researcher's credibility has increased: +7
Thorsten Rinne
has been awarded the fix bounty
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on
Mar 31st 2023
to join this conversation
