Reflected Cross-Site Scripting in thorsten/phpmyfaq


Reported on

Nov 26th 2022


Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites.

Proof of Concept

Go to your phpMyFAQ website and visit the URL below.

Exploit URL:

Payload USE:  "><ScRiPt>alert(9699)</ScRiPt>

#YO Maintainer :) Long Time No SEE !


An attacker can execute JavaScript. Anyone can steal the cookie, redirect to any URL and lots of other FUN.
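Added example, not part of the original report and not phpMyFAQ code: the report does not name the affected parameter or show the 3.1.9 fix, so the `search` field and all function names below are hypothetical. It runs the reported payload through an unencoded attribute sink, a case-sensitive `<script>` blacklist, and attribute-context encoding, to show why only the last one stops the attribute breakout.

```php
<?php
declare(strict_types=1);

// Payload quoted in the report above.
$payload = '"><ScRiPt>alert(9699)</ScRiPt>';

// Hypothetical vulnerable template: a request value echoed into an
// HTML attribute with no encoding. The leading "> closes the attribute
// and the tag, so the rest is parsed as markup.
function renderUnsafe(string $value): string
{
    return '<input type="text" name="search" value="' . $value . '">';
}

// Hypothetical naive filter: str_replace() is case-sensitive, so the
// mixed-case <ScRiPt> tag in the payload passes through untouched.
function renderBlacklist(string $value): string
{
    $value = str_replace(['<script>', '</script>'], '', $value);
    return '<input type="text" name="search" value="' . $value . '">';
}

// Hardened form: encode for the HTML attribute context. ENT_QUOTES
// encodes both quote styles, so the value cannot leave the attribute.
function renderEncoded(string $value): string
{
    $safe = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="search" value="' . $safe . '">';
}

// True when the rendered HTML contains a script start tag in any casing.
function hasScriptElement(string $html): bool
{
    return preg_match('/<script\b/i', $html) === 1;
}

foreach (['renderUnsafe', 'renderBlacklist', 'renderEncoded'] as $fn) {
    $html = $fn($payload);
    printf(
        "%-16s script element present: %s\n  %s\n",
        $fn,
        hasScriptElement($html) ? 'yes' : 'no',
        $html
    );
}
```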

We are processing your report and will contact the thorsten/phpmyfaq team within 24 hours. a year ago
thorsten/phpmyfaq maintainer has acknowledged this report a year ago
Thorsten Rinne validated this vulnerability a year ago
AggressiveUser has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Thorsten Rinne marked this as fixed in 3.1.9 with commit 1d73af a year ago
Thorsten Rinne has been awarded the fix bounty
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on Dec 31st 2022
a year ago


Hi @maintainer, can I have a CVE for this valid report :) Allow @admin to do it.

Thorsten Rinne
a year ago



a year ago


Hi @Admin, look into this :)

a year ago


As you can see above, a CVE has been assigned and will be published on Dec 31st :))

Thorsten Rinne gave praise a year ago
Thanks, v3.1.9 is now released!
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
Thorsten Rinne published this vulnerability a year ago