Stored XSS in FAQ Multisites in thorsten/phpmyfaq

Valid

Reported on

Sep 1st 2023


Description

I noticed your website is very secure.

But you overlooked an XSS flaw.

Proof of Concept

1. Log in with the admin demo account and access the admin page.

2. Go to Configuration ==> FAQ Multisites

3. Edit Instance URL with payload:

  javascript:alert(document.domain)

4. Edit Instance path with payload:

     %20

5. Click Save instance ==> Detect XSS

Video PoC

https://drive.google.com/file/d/1PoNK_Up7IEgR44NnFp-SI6O1wKWhI-ov/view?usp=sharing

Impact

This security vulnerability has the potential to steal multiple users' cookies, gain unauthorized access to that user's account through stolen cookies, or redirect the user to other malicious websites...
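
A server-side check for the Instance URL field used in the steps above, as an added example that is not part of the original report and is not phpMyFAQ's own code or its fix. It assumes the stored URL is later rendered as a link in the admin page; the function names `validateInstanceUrl` and `renderInstanceLink` are hypothetical.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not phpMyFAQ code): accept an instance URL only if it is
 * an absolute http(s) URL with a host. Returns the trimmed URL or null.
 */
function validateInstanceUrl(string $input): ?string
{
    $url = trim($input);
    // Reject whitespace and control characters, which browsers ignore when
    // parsing URLs (e.g. "java\tscript:").
    if ($url === '' || preg_match('/[\x00-\x20\x7f]/', $url) === 1) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    // Allow-list the scheme; javascript:, data:, vbscript: and the rest fail here.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return $url;
}

/** Render a stored URL as a link: re-validate on output, then HTML-escape. */
function renderInstanceLink(string $storedUrl): string
{
    $safe = validateInstanceUrl($storedUrl);
    if ($safe === null) {
        // Rows saved before the input check existed are shown as inert text.
        return htmlspecialchars($storedUrl, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    $escaped = htmlspecialchars($safe, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $escaped . '">' . $escaped . '</a>';
}

// Constructed sample inputs; the second is the payload from the report.
$samples = [
    'https://faq.example.com/',
    'javascript:alert(document.domain)',
    "java\tscript:alert(1)",
    '//faq.example.com/',
];
foreach ($samples as $s) {
    printf("%-40s => %s\n", json_encode($s), renderInstanceLink($s));
}
```

Only the first sample is emitted as an `<a href>`; the other three come back as escaped text because they lack an allowed scheme or contain a control character.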

We are processing your report and will contact the thorsten/phpmyfaq team within 24 hours. 3 months ago
thorsten/phpmyfaq maintainer has acknowledged this report 3 months ago
Thorsten Rinne validated this vulnerability 3 months ago
HaiNguyen has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Thorsten Rinne marked this as fixed in 3.1.18 with commit ec551b 3 months ago
Thorsten Rinne has been awarded the fix bounty
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on Sep 30th 2023
HaiNguyen
3 months ago

Researcher


Great, thank you for your feedback.

Thorsten Rinne published this vulnerability 2 months ago