Stored XSS in Add new question in thorsten/phpmyfaq

Valid

Reported on

Jan 8th 2023


Description

Stored cross-site scripting (also known as second-order or persistent XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way.

Steps

1. Log in as an admin user first.
2. Go to: https://roy.demo.phpmyfaq.de/admin/?action=editentry
3. Add this payload in the description: "><svg/onload=alert(11);>
4. Save it as a published post.
5. Open the main page https://roy.demo.phpmyfaq.de/ and the XSS will work.

// PoC.js
var payload = '"><svg/onload=alert(11);>';

Impact

If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. The attacker can carry out any of the actions that are applicable to the impact of reflected XSS vulnerabilities.
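
As an added example (not phpMyFAQ's code and not the fix commit), the unsafe output pattern that the report's payload points to, next to context-aware output encoding, with a check a regression test can assert. The `<meta>` template and all function names are assumptions; the page does not show where the description is rendered.

```php
<?php
declare(strict_types=1);

// Added illustration; function names are hypothetical, not phpMyFAQ's API.

// The value from the report as it would sit in the database (constructed sample).
const STORED_DESCRIPTION = '"><svg/onload=alert(11);>';

// Unsafe pattern: the stored value is concatenated into an attribute as-is,
// so its leading "> closes the attribute and the tag around it.
function renderUnsafe(string $stored): string
{
    return '<meta name="description" content="' . $stored . '">';
}

// Encode for the HTML context at output time, whatever was stored.
function renderEncoded(string $stored): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    return '<meta name="description" content="'
        . htmlspecialchars($stored, $flags, 'UTF-8') . '">';
}

// Regression check: the fragment must contain only the template's own markup,
// i.e. one tag and its four attribute quotes, with nothing added by the value.
function hasOnlyTemplateMarkup(string $html): bool
{
    return substr_count($html, '<') === 1
        && substr_count($html, '>') === 1
        && substr_count($html, '"') === 4;
}

foreach (['unsafe' => 'renderUnsafe', 'encoded' => 'renderEncoded'] as $label => $fn) {
    $html = $fn(STORED_DESCRIPTION);
    printf(
        "%-8s template markup only: %s\n  %s\n",
        $label,
        hasOnlyTemplateMarkup($html) ? 'yes' : 'NO',
        $html
    );
}
```

Encoding at output keeps the stored value intact for other consumers while making it inert in HTML; the same check can run in CI against every template that prints admin-supplied fields.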

We are processing your report and will contact the thorsten/phpmyfaq team within 24 hours. a year ago
Thorsten Rinne
a year ago

Maintainer


@leminv What description do you mean exactly?

thorsten/phpmyfaq maintainer has acknowledged this report a year ago
Thorsten Rinne gave praise a year ago
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
Thorsten Rinne validated this vulnerability a year ago
leminv has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Thorsten Rinne marked this as fixed in 3.1.10 with commit 1815da a year ago
Thorsten Rinne has been awarded the fix bounty
Mohamed Lemin
a year ago

Researcher


Hi, a public description of the stored XSS vulnerability

Mohamed Lemin
a year ago

Researcher


Hi, I want to add myself to the CVE with my company: Mohamed Lemin Veten, Resecurity, Inc. Regards

This vulnerability has now been published a year ago
Mohamed Lemin
a year ago

Researcher


Hi, I want to add my company name to the description of the CVE: Mohammed Lemin Veten, Resecurity, Inc.
