Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq

Valid

Reported on

Oct 16th 2021

Description

A persistent (or stored) XSS vulnerability is the more damaging variant of a cross-site scripting flaw: it occurs when data provided by the attacker is saved by the server and then permanently displayed on "normal" pages returned to other users in the course of regular browsing.

Proof of Concept

See this video for the PoC: Video

Impact

This can allow attackers to execute arbitrary JavaScript code in different contexts for different purposes (e.g. a malicious attacker could potentially steal the victim's session cookies and completely take over their account).
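The root cause described above is stored data being written into HTML without output encoding. The following is an added example, not code from the phpMyFAQ project or from the fix referenced in this report; it contrasts an unsafe renderer with a context-aware escaped one, using the payload quoted later in the thread as constructed sample input, and adds a small detection heuristic that a defender could use to log suspicious stored values (it is not a substitute for encoding). Function names and the sample strings are assumptions for illustration.

```python
import html
import re

# Constructed sample: the payload quoted in the thread, as if a user had
# submitted it as the title of an FAQ entry and the server had stored it.
STORED_TITLE = '<img src=x onerror=alert(0)>'


def render_unsafe(title: str) -> str:
    """Vulnerable pattern (kept only for contrast): the stored string is
    concatenated straight into the page, so any markup it contains becomes
    part of the DOM for every visitor who views the entry."""
    return f"<h2>{title}</h2>"


def render_safe(title: str) -> str:
    """Hardened pattern: escape at the point of output, in element content.
    quote=True also escapes quotes, so the same helper is safe for
    double-quoted attribute values."""
    return f"<h2>{html.escape(title, quote=True)}</h2>"


def render_meta_safe(description: str) -> str:
    """Attribute context, e.g. a <meta> description tag built from stored
    text: the value is escaped and always wrapped in double quotes, so neither
    a quote nor a '<' in the stored data can break out of the attribute."""
    escaped = html.escape(description, quote=True)
    return f'<meta name="description" content="{escaped}">'


# Heuristics for logging/alerting on stored values: a tag opener followed by
# a letter, or an inline event-handler attribute such as onerror=.
_TAG_OPENER = re.compile(r"<\s*[a-zA-Z]")
_EVENT_HANDLER = re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE)


def looks_like_markup(value: str) -> bool:
    """Detection helper only: flags stored values worth logging for review.
    It can false-positive on legitimate text and must never replace output
    encoding, which is what actually prevents the script from running."""
    return bool(_TAG_OPENER.search(value) or _EVENT_HANDLER.search(value))


if __name__ == "__main__":
    print("unsafe :", render_unsafe(STORED_TITLE))
    print("safe   :", render_safe(STORED_TITLE))
    print("meta   :", render_meta_safe('Say "hi" <b>'))
    print("flagged:", looks_like_markup(STORED_TITLE))
```

The point of the two renderers is that the fix belongs at output, per context (element content versus attribute value), rather than in input filtering: the stored value stays exactly as submitted, but the escaped rendering contains no tag the browser will execute.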

We have contacted a member of the thorsten/phpmyfaq team and are waiting to hear back 7 months ago
Thorsten Rinne validated this vulnerability 7 months ago
0x7zed has been awarded the disclosure bounty
The fix bounty is now up for grabs
Thorsten Rinne
7 months ago

Maintainer


Which browser do you use here? I cannot reproduce it with the current version of Brave.

0x7zed
7 months ago

Researcher


I don't think it's a browser issue; I was able to reproduce the issue with this payload <img src=x onerror=alert(0)> in the current version of Brave.

Thorsten Rinne submitted a
7 months ago
Thorsten Rinne confirmed that a fix has been merged on 560239 4 months ago
Thorsten Rinne has been awarded the fix bounty
Meta.php#L172-L174 has been validated
Meta.php#L64-L66 has been validated