Stored cross site scripting vulnerability in thorsten/phpmyfaq

Valid

Reported on

Apr 5th 2023


Description

Stored cross site scripting vulnerability in the "name" field in the add question module. This allows an attacker to steal user cookies.

Proof of Concept

1. Log in to the demo account https://roy.demo.phpmyfaq.de/

2. Log in as demo user

3. Click add question

4. Add payload in "Your Name" (payload = "><iMg SrC="x" oNeRRor="alert(1);"> )

5. Fill the question form and submit.

6. Now log in to the admin account and go to dashboard

7. Go to open questions

8. Click "answer the question" on the payload question you added earlier

9. Alert will pop up

Impact

The attacker is able to steal the user session
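An added example, not phpMyFAQ's code and not the fix in commit 0a4980: the payload's leading `">` suggests the stored name is written into a quoted HTML attribute on the admin page, which is an assumption here. The function names and the `username` field are hypothetical; the example renders the report's value with and without output encoding and counts the `<img>` elements a parser creates from each.

```php
<?php
declare(strict_types=1);

// Constructed sample: the "Your Name" value from the report, as read back from storage.
$storedName = '"><iMg SrC="x" oNeRRor="alert(1);">';

// Hypothetical renderer without encoding: the stored value is concatenated
// straight into a quoted attribute, so a double quote ends the attribute early.
function renderNameFieldUnsafe(string $name): string
{
    return '<input type="text" name="username" value="' . $name . '">';
}

// Hypothetical hardened renderer: encode for the attribute context at output
// time, so quotes and angle brackets arrive as entities, not markup.
function renderNameFieldSafe(string $name): string
{
    $encoded = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="username" value="' . $encoded . '">';
}

// Parse the fragment and count elements with the given tag name. This is the
// regression check: a stored name must never create new elements.
function countElements(string $html, string $tag): int
{
    $previous = libxml_use_internal_errors(true); // tolerate malformed markup
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    return $doc->getElementsByTagName($tag)->length;
}

$renderers = [
    'unsafe' => 'renderNameFieldUnsafe',
    'safe'   => 'renderNameFieldSafe',
];

foreach ($renderers as $label => $render) {
    $html = $render($storedName);
    printf("%-6s img elements: %d\n       %s\n", $label, countElements($html, 'img'), $html);
}
```

Encoding belongs at the point of output for the context in use (attribute value here), since the same stored field may also be rendered elsewhere.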

We are processing your report and will contact the thorsten/phpmyfaq team within 24 hours. a year ago
We have contacted a member of the thorsten/phpmyfaq team and are waiting to hear back a year ago
thorsten/phpmyfaq maintainer has acknowledged this report a year ago
Thorsten Rinne gave praise a year ago
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
Thorsten Rinne validated this vulnerability a year ago
asura-n has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Thorsten Rinne marked this as fixed in 3.1.13 with commit 0a4980 a year ago
Thorsten Rinne has been awarded the fix bounty
This vulnerability has now been published 10 months ago