Store XSS in FAQ Multisites in thorsten/phpmyfaq
Sep 1st 2023
Description I noticed, your website is very secure.
But you overlooked a flaw XSS
Proof of Concept
1 .Login vs admin demo account and access admin page.
2 .Go to Configuration ==> FAQ Multisites
3 . Edit Instance URL with payload:
4 .Edit Instance path with payload:
5 .Click Save instance ==Detect XSS
This security vulnerability has the potential to steal multiple users' cookies, gain unauthorized access to that user's account through stolen cookies, or redirect the user to other malicious websites...