Stored XSS in FAQ comments in thorsten/phpmyfaq


Reported on

Dec 18th 2022


Stored XSS in FAQ comments by any visitor or anonymous user that alerted in admin panel in comments page also it stored in the FAQ page itself via injecting XSS payload in "Name " and "Message" input fields .

Proof of Concept


Users and admin accounts takeover

We are processing your report and will contact the thorsten/phpmyfaq team within 24 hours. a year ago
thorsten/phpmyfaq maintainer has acknowledged this report a year ago
Thorsten Rinne gave praise a year ago
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
Thorsten Rinne validated this vulnerability a year ago
Mohamed Abdelhady has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Thorsten Rinne marked this as fixed in 3.1.10 with commit 53099a a year ago
Thorsten Rinne has been awarded the fix bounty
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on Jan 31st 2023
record.comments.php#L76 has been validated
Thorsten Rinne published this vulnerability a year ago
to join this conversation