XSS in hyperlink when create FAQ News in thorsten/phpmyfaq
Feb 12th 2023
Stored Cross-Site Scripting (XSS) through hyperlinks refers to a type of security vulnerability that occurs when an attacker injects malicious code into a hyperlink, which is then stored in the application's database or web server. When a user clicks on the infected hyperlink, the malicious script is executed in the user's browser, allowing the attacker to steal sensitive information, modify the appearance of the website, deliver malware, and perform other malicious actions.
Proof of Concept
1.Go to https://roy.demo.phpmyfaq.de/admin/?action=edit-news&id=4
2.Fill link form or title of the link form and post the faq news
3.Xss will trigger in main domain
attacker with custom user rights can steal cooke